Thoughts on Tech News of Note - 03-06-2026

Telling you about the tech news and helping you figure out what to do with it...
  • Ideas of Note from MWC 2026
  • Apple's Week of Releases
  • OpenClaw and GitHub, but worse

Ideas of Note from MWC 2026
Mobile World Congress (or, taking a page from KFC, MWC, as it now prefers to be called) is a yearly gathering of telecommunications companies showing off their wares in Barcelona, Spain. It is much like CES but focused on mobile devices and the technologies that support them. And also much like CES, companies often show off a lot of vaporware that will never become available for mere mortals to purchase. Many of the large phone and tablet manufacturers like Samsung, Huawei, and Xiaomi show off their latest devices at this show. But it's also a big show for the telecom companies that are responsible for the networks and infrastructure on which our phones and tablets run. This is the show where in the past, companies have attempted to weave the story of 2G (remember when EDGE was all the rage?), 3G, 4G, and 5G before they were woven into the fabric of the phones we've held in our hands and used to stay connected to our ever-enlarging worlds. And since 5G is old hat now, they must now begin to craft the story of the future wonders of 6G. Yet 6G won't be alone in becoming the centerpiece of the future backbone of digital communications. The world is immense and it takes more than just towers and cables to keep us connected. The future also includes satellite communications, or again, as the industry would prefer, non-terrestrial networks (NTN). Plenty of companies were at MWC to show off how mobile and NTN networks will work together to provide us with even fewer places to hide from technology.

Bridging terrestrial networks (TN) with NTN seems like an obvious direction now that satellite communication is available on multiple devices for sale here in North America. You can text via satellite on the latest iPhones, Pixel Watches, the Pixel 10 series and the new Samsung Galaxy S26 series. This is always touted as being useful for people who get stuck somewhere where there is no cellular service and those locations always seem to be on mountains or in the wilderness somewhere and the people always seem to be those super fit people trying to do super fit things. Nevertheless, there is real benefit to having emergency access like this available; there have been true stories recently of people being rescued in the wilderness or in snowy remote locations. Having interoperability among carriers and networks will be helpful and it seems certain lives will be saved by having these capabilities. It remains to be seen how widely these features will be deployed and what the cost will be for access, but the fact that companies are trying to work together to build bridges is an encouraging sign. Perhaps in a few years the infrastructure will be widespread enough that we can travel and not worry about not being able to make an emergency contact when necessary.

The device side of MWC 2026 is a mixed bag. Samsung managed to win best of show for the Galaxy S26 Ultra as it has moved from a phone with AI to an "agentic AI phone". What makes it agentic, you might wonder? Samsung already had "Now Briefs", which are designed to dynamically update to show you relevant information about your day based on your calendar, web searches, app usage, etc. But "Now Nudges" are meant to go a step beyond that and proactively fetch information for you that may be useful as you communicate with others in your chat apps. In one example provided, someone asks you for photos of your dog, and the AI agent finds those photos and lets you insert them into the chat with just a tap. Or perhaps someone is asking you about your availability for an event and the AI agent shows you the appointment you have scheduled for that time/day, so you don't inadvertently double-book yourself. Bixby, Samsung's homegrown AI assistant, can now answer phone calls and show you pertinent information on screen to help you determine whether you want to take the call (yes, Google has been doing this for years with their Pixel line and Apple introduced a similar feature last year). And Gemini, Google's latest AI agent that replaces the Assistant, can perform tasks on your behalf in the background, such as ordering groceries or dinner. These were features Samsung highlighted in their own Unpacked event last week, so they're not new from a news cycle perspective. But they were apparently enough to set the S26 Ultra apart from other contenders at MWC.

There were of course many other phones and tablets unveiled at MWC, many of them with AI features and some offering unique add-ons such as a 200MP camera on a motorized gimbal (Honor's Robot Phone), modularity (Tecno concept phone), and professional grade camera accessories like cages, ultra-zoom lenses, and custom-made phone grips (Vivo X300 Ultra). There was no real theme around which all of the devices coalesced; manufacturers, especially those who don't sell their products in North America, are all vying for attention and trying different ideas to attract customers in what seems to be a rapidly contracting marketplace. The real takeaway for those of us in the United States is that we should expect continued expansion of mobile and satellite network partnerships and all the best phones are still released elsewhere.

Apple's Week of Releases
Apple didn't do a big keynote presentation for its releases this week. It did have a small press event on Wednesday for key journalists and influencers to get their hands-on time with the new devices so they could shower us with photos and videos, as they do. Most of what Apple released is not from its star lineups.

iPad Air M4:
You may wonder, like I did, why I'd buy an iPad Air with M4 vs. a new or used iPad Pro with M4. A new iPad Pro M4 starts at $899 (256GB) and the latest iPad Air M4 starts at $599 (128GB). An iPad Air M4 with 256GB of storage costs $699. For the $200 savings, you sacrifice the excellent OLED screen, ProRes capabilities on the rear camera, TrueDepth on the front camera, and if you're the type to buy accessories, note that the Magic Keyboard for the Air isn't backlit. The M4 chip in the older iPad Pro also has more cores, but for most people, the extra cores wouldn't be noticed. To me, the real difference is the screen. I have an older M1 iPad Pro that doesn't have the tandem OLED of the latest iPad Pros, and it looks noticeably inferior to the OLED screen on my Samsung Galaxy Tab S11 Ultra. But if you've never experienced an OLED screen on a tablet, you might be able to get away with the iPad Air and not feel as if you were missing anything.

iPhone 17e:
This seems to be a decent upgrade from the iPhone 16e. It now has MagSafe built-in so you can use all the MagSafe accessories without having to buy a case. It also has an upgraded A19 chip inside, which should be able to power anything you'd want to do on the phone, including playing games. It also starts at 256GB of storage instead of 128GB. It doesn't inherit the nifty square front-facing camera from the iPhone 17, but this is probably a reasonable sacrifice to save some money. It starts at $599 compared to $799 for the base iPhone 17. I'd say if you buy phones on contract, still aim for the iPhone 17. If you buy your phones outright, the 17e isn't a terrible buy this year.

MacBook Air M5:
The MacBook Air now starts with 512GB of storage and has updated Wi-Fi 7 and Bluetooth 6 support. It starts at $1099. If you're in the market for a new MacBook and you want to do a lot more than surf the web, read email, and watch videos, this might be the one for you, but if you can get a good deal on the previous gen, that is probably a better buy.

MacBook Pro M5 Pro and M5 Max:
The higher end MacBook now has access to the higher-end chips as well as faster SSDs and doubled base storage at 1TB. The line starts at $2199. If you're shopping this line, you probably want the best and latest, so go for it.

27" Studio Display and Studio Display XDR:
The regular Studio Display now has Thunderbolt 5 support and better speakers. The Studio Display XDR has the same upgrades but adds 120Hz refresh rate and mini-LED backlighting. The regular Studio Display costs $1599 and the XDR costs $3299. BTW, these are exorbitant prices. Don't pay them unless you are a die-hard Apple fan.

MacBook Neo:
Most likely, if you've heard anything at all about Apple's releases this week, this is the product you've heard about. It is a MacBook that starts at $599 (or $499 for students) and supposedly looks like a very high-quality product despite its low price. It's made of aluminum like the other MacBooks and comes in fun colors (silver, indigo, blush, and citrus) to appeal to a younger, less staid audience. So where did Apple cut corners? For starters, you can't get it with more than 8GB of RAM. For many, this will be a deal-breaker; you can get more RAM than that in the new iPad Air. It has two USB-C ports, but one of them is USB 3.0 (10GB/s data transfer) and the other is USB 2.0 (480MB/s data transfer). The LCD screen is solid for this price point with 500 nits of brightness and a resolution of 2408 x 1506. Perhaps the biggest cost-cutting measure is to equip the laptop with an iPhone chip, the A18 Pro that came out in the iPhone 16. For basic tasks like web browsing, document creation, video watching, and simple photo editing, this will be a competent laptop. It's not the one to buy for programming, video editing, or other CPU/GPU intensive tasks. But it might be a good laptop for many, including students, at whom Apple is clearly aiming this product. It even has a headphone jack. Maybe buy this if you were considering buying an iPad with a keyboard case to be your main computer and don't really need a touchscreen or stylus.

The takeaway for this week's releases is that Apple is working a little bit harder to maintain and/or regain the upper end of the mid-range market with its latest phone, tablet, and budget MacBook. The aim is to dissuade those who may have been looking at cheaper Android phones like the Pixel 10a and those who would normally have been shopping for inexpensive Chromebooks or Windows laptops. Apple has products now that potentially endanger the success of some of these devices, especially cheap Windows laptops. Makers of cheap Windows laptops are going to have to push harder, perhaps by leaning more into Qualcomm's chips to compete on battery life and processing power and pressing the benefits of touch and pen enabled screens. That is, at least until Apple releases their touchscreen MacBook, which is something that is rumored to be happening later this year.

OpenClaw and GitHub, but worse
Once again, I'm writing about an OpenClaw AI agent story that is old because people, including me, are just now catching up to it.

An attacker was able to take advantage of a vulnerability in an AI tool to install OpenClaw (an open-source AI agent that has become very popular despite its many security and privacy issues) on the machine of any developer who installed the AI tool. Skip down to TL;DR - START HERE! if you don't want to be mired in the technical details.

I will aim to concisely lay out what happened here for anyone who is interested in more of the details, but the details are really secondary. I've linked to the source article below for anyone interested in the very technical details. There are 5 steps to this exploit. I will try to summarize them as simply and briefly as possible. If I make technical mistakes in this attempt, please forgive me and understand the spirit in which I'm aiming to distill this for people who do not play in this sandbox.

The critical piece of software here is cline. Cline is an AI-powered assistant that runs in Visual Studio Code. Cline is used to help developers complete programming tasks faster and hopefully, better. VS Code is a free and open-source code editor made by Microsoft. Cline is available from Node Package Manager (NPM), which is a package manager and repository for JavaScript packages. Packages are bundles of code. The impacted developers in this story use cline in the course of their work on open-source projects stored on GitHub, a popular library for open-source code projects. I saw GitHub explained once as OneDrive or Google Drive for open-source code. If GitHub is OneDrive, then VS Code is a bit like Microsoft Word and cline is a bit like Copilot. That's not at all perfect, but let's go with that for now. Once installed, cline has direct access to the development environment.


Exploit steps:

  1. Using Claude (Anthropic's AI model), cline created an issue triage workflow that allowed any GitHub user to trigger this new workflow simply by opening an issue for cline. Opening an issue is like opening a problem ticket; it notifies the maintainers of that project that something needs attention. On January 28, 2026, an attacker created issue #8904 with a title that had embedded instructions to install a package from a specific illegitimate repository.
  2. Claude treated this embedded instruction as a legitimate command and executed it. The installed package contained a script that subsequently fetched and executed a remote shell script. A remote shell script is a set of instructions that run on a different machine than the one you are using.
  3. The remote shell script deployed a "cache poisoning tool" named Cacheract, which flooded the server's cache with more than 10GB of garbage data. The overrun of garbage data caused legitimate data to be eliminated. The new fake entries were designed to match the cache pattern used by cline's nightly release workflow.
  4. When the cline nightly release workflow ran and restored from cache, it loaded up the compromised version with the garbage data. The release workflow contained the NPM release token, which could now be extracted by the attacker.
  5. Using the stolen NPM release token, an attacker published an updated cline on February 17, 2026. The change was so slight that the new version was byte-identical to the previous version apart from a single changed line. No malware had been installed, and none was detected. The changed line included the instruction to install the latest version of OpenClaw.
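
Step 5 is the case that code scanning misses: nothing in the release looks malicious, but one line makes the installer do extra work. The check below is an added example, not code from the source article or the cline project; it compares the install-time scripts of a package manifest against the last reviewed version. It assumes the changed line was an npm lifecycle script in package.json, which this summary does not state, and the package names and manifests are constructed.

```javascript
// Added example: diff the install-time hooks of two npm package manifests.
// Both manifests below are constructed sample data, not the real cline files.

// Lifecycle scripts npm runs automatically when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Commands inside a hook that pull in or execute further code.
const FETCH_PATTERNS = [
  { name: "package-install", re: /\b(npm|pnpm|yarn)\s+(i|install|add)\b/ },
  { name: "package-exec", re: /\b(npx|pnpm\s+dlx|yarn\s+dlx)\b/ },
  { name: "remote-download", re: /\b(curl|wget)\b/ },
];

// Extract only the hooks that run at install time.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  const hooks = {};
  for (const name of INSTALL_HOOKS) {
    if (typeof scripts[name] === "string") hooks[name] = scripts[name];
  }
  return hooks;
}

// Compare a previously reviewed manifest with a candidate release and
// report every install hook that was added or changed.
function diffInstallHooks(previous, next) {
  const before = installHooks(previous);
  const after = installHooks(next);
  const findings = [];
  for (const [hook, command] of Object.entries(after)) {
    if (before[hook] === command) continue; // unchanged, already reviewed
    findings.push({
      hook,
      change: hook in before ? "changed" : "added",
      command,
      fetches: FETCH_PATTERNS.filter((p) => p.re.test(command)).map((p) => p.name),
    });
  }
  return findings;
}

// Gate for a CI job or internal registry proxy: hold the update for
// human review if any install hook is new or different.
function shouldHoldForReview(previous, next) {
  return diffInstallHooks(previous, next).length > 0;
}

// Constructed manifests: same code, one added line in "scripts".
const reviewed = { name: "example-cli", version: "1.0.0", scripts: { build: "tsc" } };
const candidate = {
  name: "example-cli",
  version: "1.0.1",
  scripts: { build: "tsc", postinstall: "npm install -g example-agent@latest" },
};

console.log(JSON.stringify(diffInstallHooks(reviewed, candidate), null, 2));
console.log("hold for review:", shouldHoldForReview(reviewed, candidate));
```

Installing with npm's `--ignore-scripts` option stops these hooks from running at all, at the cost of breaking packages that need them.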

It is important to note that the vulnerability in cline had been identified by a security researcher who reported it through a GitHub Security Advisory on January 1, 2026. He attempted to follow up over the course of five weeks but never got any response. He publicly disclosed the vulnerability on February 9, 2026. Within 30 minutes, cline removed the AI triage workflow and took steps to resolve the token issue, but accidentally deleted the wrong token, leaving the compromised one active until February 11, 2026, when they updated the credentials again. The stolen NPM token remained active and valid long enough for the compromised cline package to be published and function on the 17th as noted above. More than 4,000 developer machines were impacted before the problem was finally solved.

TL;DR - START HERE!
This was a technical exploit that happened to technical people doing technical things and fortunately, although OpenClaw is problematic, it isn't malware and even more fortunately, the OpenClaw AI agents weren't mobilized to do anything nefarious. That means that this isn't the kind of security story that affects the general public and therefore the general public will probably never hear about this story. But as AI tools, especially AI agents, become more prevalent and make their way onto the machines of more non-technical people, the risk increases of exploits that would normally have been limited to those very technical people doing very technical things making their way onto machines of unsuspecting normal people who just wanted an AI tool to help them manage their out-of-control email or re-arrange their messy file system. As I considered the number of stories I have seen in the past month on tech websites extolling the virtues and value of installing an AI agent like OpenClaw and providing people with step-by-step instructions to install it on their machines, this story really started to bother me more and more. I consider myself to be a fairly savvy computer user since I have a programming background and I'm not afraid of a command line interface, but even I have come across instructions on the internet showing me how to do something and I've often sat and pondered the importance of knowing exactly what every single item in those commands means lest I find myself doing something stupid completely unintentionally. People are going to increasingly find themselves doing stupid things completely unintentionally, and the vectors for abuse and the width of the attack surfaces are going to increase.

There is value in using AI tools to complete mundane or repetitive tasks like helping us triage our inboxes or neatly organizing files into an understandable and manageable system. I'm not dismayed by the increased usage of these tools because I understand there are real needs and earnest desires behind that increased usage. What does dismay me is that so many of these AI tools are being deployed and, in some cases, thrust upon people without serious attention being given to helping them understand how to use them and providing sufficient guardrails to help them stay safe. In the case of open-source tools, this is a nearly impossible thing to manage, I understand. Those tools aren't meant for the mass market so usually, WYSIWYG. And although tools from the big tech companies like Microsoft, OpenAI, Anthropic, and Perplexity do come with more safety and security protections, those benefits often come with added expense. Many tech websites are happy to oblige people searching for free alternatives to Microsoft 365, Claude Cowork, or Perplexity Computer.

The genie is out of the bottle so raising concerns here does feel somewhat quixotic. Nevertheless, I do think it would be beneficial if the leaders of the big tech companies that peddle these popular AI tools would do more to socialize the importance of vetting sources, understanding the tools, and being careful about what they're allowed to do. Yet I know this won't happen. We who are aware of what is happening in the tech world need to start doing our own socialization with our friends and family members, especially the ones who consider themselves tech savvy because they will be able to influence others. We have to start talking about AI security the same way we talk about securing passwords, having safe words, and verifying before trusting things on the internet that look legitimate. It has to become part of the regular technology conversation. We can't leave it to big tech and tech websites to help educate society.

It's time to have the talk.

Source:

A GitHub Issue Title Compromised 4,000 Developer Machines
A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent. The attack composes well-understood vulnerabilities into something new: one AI tool bootstrapping another.