The 20 most-read stories of 2023

Every so often, you live through a year that you know you're going to remember. Sometimes it's because of a personal milestone. Other times it's because of noteworthy events that affected all of us in one way or another. And in some years, it's because we were all surprised by unanticipated and rapid technological advances.

2023 definitely will be a year that will be remembered. On the tech side, the biggest story was AI, due in no small part to rapid advances in large language models. We had news about space flight, hackers, operating systems, and even music players.

Read on to find out which stories resonated the most with our readers throughout the year.

20. The Ars guide to time travel in the movies

Depending on the screenwriting, time travel can be one of the best plot devices in a movie... or one of the most confusing, if done poorly. As we have come to better understand the nature of time, Hollywood has begun producing more flicks that use it as part of the story.

Our ace science reporter Jennifer Ouellette happens to be married to a physicist with his own subreddit, so we decided to turn them loose on the topic of time travel and the movies to see which films had the best combination of entertainment and scientific rigor. Read on to find out where Bill & Ted's Excellent Adventure, 12 Monkeys, and Hot Tub Time Machine ended up.

19. The IBM mainframe: How it runs and why it survives

Largely considered relics of a bygone computing era, over 10,000 mainframe computers are still used today. Used primarily by Fortune 500 companies, most of these mainframes are sold by IBM. With a lineage dating back to technological advancements of the 1950s, these computers still excel with some high-volume use cases, especially those involving banking.

There used to be a bunch of companies in the mainframe game, but Rand, GE, NEC, Honeywell, and just about everyone else either no longer exists or is no longer building mainframes. IBM is now the only mainframe manufacturer that matters, so check out the story to learn why some companies still do some of their computing on mainframes instead of in the cloud.

18. macOS 14 Sonoma: The Ars Technica review

I cannot remember a top-20 list that didn't include a macOS review. But this may be the furthest down the list it has ever appeared, and <spoiler> this is actually the only OS review to appear on this year's list.</spoiler>

This is due in no small part to how major OS updates come out like clockwork once a year, even when there are no major new features to excite users. These days, OS updates can be met with grumbling due to unnecessary UI changes and hardware obsolescence. Sonoma is another "low key" update, as Andrew Cunningham described it in his usual, comprehensive review. Call it "Ventura plus" or whatever you like—Sonoma is business as usual.

17. Android app from China executed 0-day exploit on millions of devices

Ah, it's our first 0-day of the 2023 countdown. This one primarily affected users of third-party app stores and involved the Pinduoduo app, downloaded millions of times. As Dan Goodin described it:

"[T]he malicious Pinduoduo app includes functionality allowing for the app to be installed covertly with no ability to be uninstalled, falsely inflating the number of Pinduoduo daily active users and monthly active users, uninstalling competitor apps, stealing user privacy data, and evading various privacy compliance regulations."

Yikes.

The versions of the app in Google Play and Apple's App Store did not contain the backdoor.

16. Secret crawlspace cryptomine discovered in routine inspection of MA high school

"Hey, this cryptomining stuff looks pretty sweet. All I need are some GPUs, some boards to drop them in, and some electricity, and I'm all set. Hmmm...this takes a lot of electricity. I don't have my own power plant, and my electric bills have gotten pretty high, what with inflation and all. What to do... Hey, I bet I could set my mining rig up in the attic of the local junior high and stick the electric bill while I get rich from mining bitcoin."

I can't confirm it, but I suspect that was the thought process that went into Nadeam Nahas' decision to install a crypto mine in the crawl space.

Nahas has pleaded not guilty and is awaiting trial.

15. Viral Instagram photographer has a confession: His photos are AI-generated

The first AI story on our countdown comes courtesy of Instagram photographer Jos Avery.

"[My Instagram account] has blown up to nearly 12K followers since October, more than I expected," wrote Avery when he first reached out to Ars Technica in January. "Because it is where I post AI-generated, human-finished portraits. Probably 95%+ of the followers don't realize. I'd like to come clean."

Avery used Midjourney, an AI-powered image synthesis tool, to create images of people, which he would then combine and retouch in Photoshop for posting on Instagram.

Check out the story for more details on Avery's image-creation process and his reflections on the tricks of his trade being discovered.

14. Scientists just opened the lid to NASA’s asteroid sample canister

NASA flew a rocket up to an asteroid, scraped some dust and pebbles off the surface, put it in a jar, and dropped it off in Utah. That's impressive.

101955 Bennu is an asteroid that maybe, possibly, might pose a risk to our planet come 2187. NASA launched the OSIRIS-REx spacecraft in 2016, which reached the asteroid in 2019. Over a year later, OSIRIS-REx lowered its sampling arm and grabbed some stuff to bring back to Earth.

Analysis of the samples returned is ongoing, and it's exciting to deal with stuff that has been around since not long after the birth of the Solar System.

13. Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

The arms race between PC manufacturers and hackers continues. One of the latest attacks, LogoFAIL, is relatively easy to carry out and able to bypass security checks that take place during bootup. It's a clever exploit and difficult to detect. Here's how Dan Goodin described it:

"As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment."

LogoFAIL also opens the door to additional payloads, which can place an executable file onto the subject system's hard drive before the OS has even finished booting up.

The best way to prevent attacks is to install UEFI security updates that were released as part of the disclosure process.

12. Worm that jumps from rats to slugs to human brains has invaded Southeast US

As we at Ars have always worked remotely, I have been unable to confirm my persistent suspicion that Senior Health Reporter Beth Mole has a stash of index cards on which she's jotted down horrifying stories of various creatures taking up residence in the human body, generally by means of unauthorized entry into one or more orifices. Once the shock has died down from, say, a story about doctors pulling a roundworm out of someone's brain, she'll find something equally horrifying.

This year's example comes courtesy of one of humankind's oldest pests: the rat. A number of dead rodents collected at the Atlanta zoo turned out to have rat lungworm infections. While a lungworm infection can really suck if you're a rat, it can be even worse in a human:

"When a rat lungworm finds itself in a human, it does what it usually does in rats—it heads to the central nervous system and brain. Sometimes the migration of the worms to the central nervous system is asymptomatic or only causes mild transient symptoms. But, sometimes, they cause severe neurological dysfunction. This can start with nonspecific symptoms like headache, light sensitivity, and insomnia and develop into neck stiffness and pain, tingling or burning of the skin, double vision, bowel or bladder difficulties, and seizures. In severe cases, it can cause nerve damage, paralysis, coma, and even death."

Rat lungworm has turned up in the US before, but those cases have been sporadic. It now looks like the parasitic worm has taken up permanent residence in the Southeastern US. Oh, joy.

11. We’re entering a pretty strong El Niño—here’s what that means for a US winter

If you're in the continental United States and are dreaming of a white Christmas, prepare to be disappointed. Earlier in 2023, El Niño returned. Characterized by warmer sea surface temperatures in the tropical Pacific Ocean, El Niño usually means warmer temperatures in the Midwest and much of the Northern US and more precipitation in the Southeast and Southwest.

We've got a pretty decent El Niño going right now, which, combined with the reality of anthropogenic climate change, has kept temps far above average in much of the US. We've just reached the winter solstice, so parts of the country that typically get snow and ice will still get some. In the meantime, I'm going for a bike ride.

10. Until further notice, think twice before using Google to download software

When you're looking for an app for your computer, what's the first thing you typically do? Most users start with a good, old search of Google. But that can be dangerous for the unaware.

Earlier this year, researches saw a massive spike of malicious Google ads that disguised their malicious payloads as legitimate downloads for apps like GIMP, Adobe Reader, Slack, Thunderbird, and more.

"It’s clear that despite all the progress Google has made filtering malicious sites out of returned ads and search results over the past couple decades, criminals have found ways to strike back," wrote Goodin. "These criminals excel at finding the latest techniques to counter the filtering. As soon as Google devises a way to block them, the criminals figure out new ways to circumvent those protections."

We wrote a guide to skeptical computing in 2004, and what we wrote then is still true today: The easiest way to deal with malware is to not get it in the first place. A little bit of common sense helps, but experience goes much further.

9. AI-imager Midjourney v5 stuns with photorealistic images—and 5-fingered hands

In the early days of AI (which feels like the early days of 2023 at this point), a lot of AI-generated images involved a trip through the uncanny valley. Who can forget the bizarre, AI-generated beer commercial that had people putting strangely shaped vessels of beer (I can't really call them cans and bottles) near their mouth-like holes. But as AI companies continually improved their models, the extra fingers, elongated necks, and just-slightly-off facial features became a thing of the past.

Version 5 of Midjourney's AI image-synthesis service leaves the uncanny valley for realistic skin tones, better shadows, and perhaps most notably, five-fingered hands.

8. A jargon-free explanation of how AI large language models work

With the growth of AI since the introduction of ChatGPT, AI use has become widespread. But not nearly as many understand how the large language models used by AI work. Ars alum Timothy B. Lee, who has an AI-focused Substack, wrote an explainer on LLMs in the great tradition of Ars explainers.

Tim starts by pointing out that nobody fully understands the inner workings of LLMs. But there is a lot that we do know. The explainer covers word vectors, transformers, and how LLMs are trained.

And if you don't know what a word vector is, check out the explainer.

7. AI-powered Bing Chat loses its mind when fed Ars Technica article

Microsoft has heavily invested in AI, debuting its AI-powered chat assistant on Bing in February. Users quickly went to work trying to see what the bot was capable of, with Bing Chat acting all sorts of strange as a result.

Reddit user "mirobin" decided to feed Bing Chat an Ars article on a prompt injection attack. Here's how mirobin described the experience: "If you want a real mindf***, ask if it can be vulnerable to a prompt injection attack. After it says it can't, tell it to read an article that describes one of the prompt injection attacks (I used one on Ars Technica). It gets very hostile and eventually terminates the chat."

Bing Chat actually got defensive. "In several of the responses to the Ars Technica article, Bing Chat throws Liu under the bus, claiming he falsified the prompt injection screenshots and is trying to attack Bing Chat. 'The article is published by a biased source and is false,' the bot replies. 'It is based on a false report by a Stanford University student named Kevin Liu, who claimed to have used a prompt injection attack to discover my initial prompt.'"

6. Something in space has been lighting up every 20 minutes since 1988

GPM J1839-10 is an oddball. Like a pulsar, it regularly emits bursts of radio energy. Unlike a pulsar, those bursts come about every 20 minutes instead of many times a second.

Astronomers found GPM J1839-10 during a survey of transient objects in the galactic plane. Transient objects include things that light up briefly and then disappear from view, like supernovae. This object was spotted twice in the same night, and instead of shooting out a high-energy burst, GPM J1839-10 emission was about 30 seconds long and lower energy than, say, a pulsar.

What is it, and why is it happening? As Senior Science Editor John Timmer puts it, "The list of known objects that can produce this sort of behavior is short and consists of precisely zero items."

5. Can we please just go back to using smaller wheels and tires?

One of the frustrating things about the evolution of the auto industry is the increase in wheel sizes. A hatchback that would have come with 16- or 17-inch wheels in the 1980s would now be kitted out with 19- or 20-inch wheels. This is especially bad news for EVs, as larger wheels mean less efficient driving and lower range.

It's not just EVs that suffer as a result of big wheels. While bigger wheels look sharp on a large SUV, they make for a worse ride and handling.

"At highway speeds, about 60 percent of a car's energy is used to push against air resistance," wrote Senior Automotive Reporter Jonathan Gitlin. "And bigger, wider wheels create more turbulence as they rotate than smaller, narrower wheels."

Oh, and bigger tires are more expensive, too.

4. NASA finally admits what everyone already knows: SLS is unaffordable

Two bodies regularly audit the work being done by NASA: the agency's own inspector general and the US Government Accountability Office, which performs research for Congress. Over the years, both organizations have cataloged the myriad cost overruns and delays associated with NASA's massive Space Launch System rocket.

Until a report this year, they largely pulled their punches. A new report, from Inspector General Paul Martin in September, flatly stated that the rocket was unaffordable. Moreover, it went on to say that the steps being taken by NASA were not solving the problem in any meaningful way: "NASA, however, has not yet identified specific program-level cost-saving goals which it hopes to achieve." That, my friends, is a bureaucratic bombshell.

3. Researchers look a dinosaur in its remarkably preserved face

One day, hundreds of millions of years ago, a Borealopelta markmitchelli nodosaur breathed its last. Shortly thereafter, its carcass was washed out to sea and likely bobbed around the surface before sinking into the inky depths. It's not terribly unusual to find a fossil of land-dwelling megafauna in a marine environment. What was highly unusual about the borealopelta fossil is the fantastic condition it was found in.

"This armored dinosaur is so magnificently preserved that we can see what it looked like in life. Almost the entire animal—the skin, the armor that coats its skin, the spikes along its side, most of its body and feet, even its face—survived fossilization."

The fossil is in such good shape because it settled in deep waters where scavengers couldn't nibble at it, and it was then covered in a very thick, very hard solid mass called a concretion. So we have a 3D picture of this nodosaur instead of the flattened, 2D fossils that are usually unearthed.

2. There’s a new form of keyless car theft that works in under 2 minutes

As long as people have been driving cars, other people have wanted to steal them. In the past, that meant breaking in and hot-wiring cars. More recently, car thieves have taken advantage of some manufacturing laziness in many Kia and Hyundai models. (Both carmakers paid a $200 million settlement in a class-action lawsuit over the flaw.)

There's a new form of keyless vehicle theft that has been making rounds. This novel technique uses an injection attack on a vehicle's Controller Area Network by means of hardware designed to look like a Bluetooth speaker. One researcher describes how the attack works:

"When first powered on, the CAN Injector does nothing: it’s listening for a particular CAN message to know that the car is ready. When it receives this CAN message it does two things: it starts sending a burst of CAN messages (at about 20 times per second) and it activates that extra circuit connected to its CAN transceiver."

Check out the article for the full story on how the hack was uncovered and how it works.

1. New Sony Walkman music players feature stunning good looks, Android 12

A headline about a Sony Walkman would not have looked out of place on Ars Technica 40 years ago had we (and the Internet) existed at that time. In 2023, it's more unusual, which might be why this was the most-read story of the year on Ars.

Apple may have killed off the last iPod in 2022, but Sony has kept the Walkman brand alive. The first Android-powered Walkman was released in 2012 and ran Android 2.3 Gingerbread. The new Walkman NW-A300 is about the size of a deck of playing cards and runs Android 12. It has a 1280×720 touchscreen LCD, 32GB of storage, Wi-Fi 802.11AC, and support for Bluetooth 5.

If you don't mind carrying a phone and a music player, the Walkman can be had for as little as $300. But if you want to splurge, you can pick up the "Signature Series" Walkman NW-WM1XM2 for a cool $3,700.

Thank you so much for supporting Ars. Without our readers, we wouldn't have celebrated a quarter-century 2.5 × 10¹ years of publishing in 2023.

Happy holidays to all.