Google

Google Trials Passwordless Login Across Workspace and Cloud Accounts (theverge.com) 48

Google has taken a significant step toward a passwordless future with the start of an open beta for passkeys on Workspace accounts. From a report: Starting today, June 5th, over 9 million organizations can allow their users to sign in to a Google Workspace or Google Cloud account using a passkey instead of their usual passwords.

Passkeys are a new form of passwordless sign-in tech developed by the FIDO Alliance, whose members include industry giants like Google, Apple, and Microsoft. Passkeys allow users to log in to websites and apps using their device's own authentication, such as a laptop with Windows Hello, an Android phone with a fingerprint sensor, or an iPhone with Face ID, instead of traditional passwords and other sign-in systems like 2FA or SMS verification. Because passkeys are based on public key cryptographic protocols, there's no fixed "sequence" that can be stolen or leaked in phishing attacks.

United States

US To Give Away Free Lighthouses As GPS Makes Them Unnecessary (theguardian.com) 69

An anonymous reader quotes a report from The Guardian: Ten lighthouses that for generations have stood like sentinels along America's shorelines protecting mariners from peril and guiding them to safety are being given away at no cost or sold at auction by the federal government. The aim of the program run by the General Services Administration is to preserve the properties, most of which are more than a century old. The development of modern technology, including GPS, means lighthouses are no longer essential for navigation, said John Kelly of the GSA's office of real property disposition. And while the Coast Guard often maintains aids to navigation at or near lighthouses, the structures themselves are often no longer mission critical.

Yet the public remains fascinated by the evocative beacons, which are popular tourist attractions, beloved local landmarks and the subject of countless photographers and artists, standing lonely but strong against tides and storms, day and night and flashing life-saving beams of light whatever the weather. "People really appreciate the heroic role of the solitary lighthouse keeper," he said, explaining their allure. "They were really the instruments to provide safe passage into some of these perilous harbors which afforded communities great opportunities for commerce, and they're often located in prominent locations that offer breathtaking views."

The GSA has been transferring ownership of lighthouses since Congress passed the National Historic Lighthouse Preservation Act in 2000. About 150 lighthouses have been transferred, 80 or so given away and another 70 auctioned, raising more than $10m. This year, six lighthouses are being offered at no cost to federal, state or local government agencies, non-profits, educational organizations or other entities that are willing to maintain and preserve them and make them publicly available for educational, recreational or cultural purposes. [...] Some past lighthouse sales have ended up with them converted into private residences.

AI

Hugging Face and ServiceNow Release a Free Code-Generating Model (techcrunch.com) 13

AI startup Hugging Face and ServiceNow Research, ServiceNow's R&D division, have released StarCoder, a free alternative to code-generating AI systems along the lines of GitHub's Copilot. From a report: Code-generating systems like DeepMind's AlphaCode; Amazon's CodeWhisperer; and OpenAI's Codex, which powers Copilot, provide a tantalizing glimpse at what's possible with AI within the realm of computer programming. Assuming the ethical, technical and legal issues are someday ironed out (and AI-powered coding tools don't cause more bugs and security exploits than they solve), they could cut development costs substantially while allowing coders to focus on more creative tasks.

According to a study from the University of Cambridge, at least half of developers' efforts are spent debugging and not actively programming, which costs the software industry an estimated $312 billion per year. But so far, only a handful of code-generating AI systems have been made freely available to the public -- reflecting the commercial incentives of the organizations building them (see: Replit). StarCoder, which by contrast is licensed to allow for royalty-free use by anyone, including corporations, was trained on over 80 programming languages as well as text from GitHub repositories, including documentation and programming notebooks. StarCoder integrates with Microsoft's Visual Studio Code code editor and, like OpenAI's ChatGPT, can follow basic instructions (e.g., "create an app UI") and answer questions about code.

Bitcoin

Balaji Srinivasan Closes Out $1 Million Bitcoin Bet Early (bloomberg.com) 53

Balaji Srinivasan, the former chief technology officer of Coinbase Global, said he closed out what appeared to be a losing bet that Bitcoin would rise to $1 million within 90 days. From a report: Srinivasan said he gave $1 million to two organizations, including Bitcoin Core development team at researcher Chaincode Labs, as well as paying $500,000 to someone who goes by James Medlock on Twitter, and who won the wager. The goal of the bet, Srinivasan reiterated in a Twitter post and a short video Tuesday, was to show that fiat currencies such as the dollar are in trouble, and that those troubles will push Bitcoin's price up. At $28,710, Bitcoin is about 10% up from when Srinivasan accepted the bet on March 17. "The reason that I did that is I wanted to tell you in a provable way that there's something wrong in the economy and the state isn't telling you about it," Srinivasan said in the video, recounting troubles with US banks, sovereign debt and other potential issues. "That is what I am doing at my own expense, I am raising public alarm."

Privacy

Many Public Salesforce Sites are Leaking Private Data (krebsonsecurity.com) 7

A shocking number of organizations -- including banks and healthcare providers -- are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. From the report: The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in. Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to quickly create websites. Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). The guest access feature allows unauthenticated users to view specific content and resources without needing to log in.

However, sometimes Salesforce administrators mistakenly grant guest users access to internal resources, which can cause unauthorized users to access an organization's private information and lead to potential data leaks. Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant's full name, Social Security number, address, phone number, email, and bank account number.

Microsoft

Microsoft Suggests Businesses Buy Fewer PCs (theregister.com) 66

In early April with the start of previews for "Windows Frontline" -- a service that provides a single license for frontline employees to use up to three Cloud PCs, Microsoft floated the idea that businesses should buy fewer PCs. The Register reports: The "Frontline" name hints at its purpose: Microsoft thinks this license will benefit organizations that employ shift workers in roles like customer support or healthcare. Microsoft imagines shift workers will log on for eight hours, then the next worker on duty will do likewise, and advances this as a fairer way to charge than assuming cloud PCs are used 24x7. To burnish that argument, Microsoft's launch material for Windows Frontline included research (PDF) by tech sustainability consultancy Px3 that tries to answer the question "Can modern work applications and endpoints abate end user computing greenhouse gas emissions and drive climate action?" The answer is "Yes," when one considers cloudy PCs to be "modern endpoints."

The research reaches that conclusion with analysis of the energy consumption of desktop computers, laptops, tablets, and thin clients, compared to the impact of running a Cloud PC. The research also considers bring your own PC plans that see business fund the acquisition of PCs that their staff use for personal and employment purposes, meaning fewer devices need to be summoned into existence and fewer resources are consumed because users operate one machine instead of two. Px3 instead imagines that end users use their sole device to access a Windows365 Cloud PC when they're on the clock. Doing so would mean corporate PC replacement cycles could stretch to eight years!

Readers will not be surprised that the research found the combination of Windows365 and a bring your own PC plan has significantly lower environmental impact and is therefore a jolly good idea. The research's concluding paragraph states "it is reasonable to state that modern work applications and endpoint computers not only abate GHG emissions, they are perhaps critical to securing a sustainable future." That's perhaps a little overblown but the point is made: slowing consumption is a good idea and it's now possible to turn down the speed of the PC upgrade treadmill.

China

China Makes Major Push in Its Ambitious Digital Yuan Project (cnn.com) 40

Public sector workers in an eastern Chinese city are set to be paid fully in digital yuan, as the country makes a significant push to popularize the currency. From a report: Changshu, located in the province of Jiangsu, will start the new payment process in May, according to an official document widely posted on government websites. This is the biggest rollout of the currency, also known as the e-CNY, in China so far, according to state media. Government employees as well as staff at state-owned companies and public institutions such as schools, hospitals, libraries, research institutes and media organizations in the city will be affected. Changshu, a city of 1.7 million residents, was already experimenting with the digital yuan, a form of money that exists only online and is managed and backed by China's central bank. Like cryptocurrency, the digital yuan incorporates some elements of blockchain technology: Every transaction is recorded and traceable in a digital ledger. Since last October, Changshu has been paying the transit subsidies for some government employees in digital yuan. China is already on the verge of becoming a cashless society, but the vast majority of electronic transactions happen on privately owned apps (Alipay and WeChat Pay), outside of the immediate purview of the state.

Music

Sonos' Exciting New Product Category Is Commercial Audio (theverge.com) 39

Today, Sonos is introducing Sonos Pro, a new service targeted at businesses -- restaurants, bars, and retail stores -- that makes it easy to play music across numerous locations without breaking any licensing rules. Sonos Pro works with all S2-compatible hardware including the Ikea Symfonisk line and, if you're into retrofitting existing speakers, the Amp and Port. The Verge reports: Pro customers will gain access to a web portal that lets them remotely control what's playing in each of their locations (divided into different zones) and perform troubleshooting from afar. If you're a normal consumer and want to reset your Sonos system at home, you've got to unplug the products, but Pro customers will be able to do it with software. They'll also have the ability to schedule particular genres for different times of the day to lock in the right atmosphere for their business. Want to keep the volume low in the mornings when you've got less foot traffic and automatically raise it during peak hours? Sonos Pro can do that.

The monthly Sonos Pro subscription, priced at $35 per business location, will include "Sonos Backgrounds." This is a commercially licensed music service featuring a range of royalty-free music from independent artists that's all legally compliant for streaming at business establishments. If you're wondering why that's necessary, businesses technically aren't allowed to just start playing Spotify, Apple Music, or other mainstream music apps over their speakers. Spotify says so right here. Those services are only licensed for personal use; playing them in a public setting counts as a live performance, and that's a no-no unless you've paid for the necessary licenses from ASCAP, BMI, and other organizations. That can get extremely complicated in and of itself.

The service will provide deep, granular control over the entire system in a commercial space. You can set maximum volume limits for each speaker or enable / disable features like AirPlay, line-in playback, and more. If you want to give your staff access to Spotify after hours, that's doable with an "allow direct control" setting. Speaking of which, business owners can grant their employees access to Sonos Pro and set different permission tiers for each person. And again, this can all be done remotely. Try adjusting settings (or even switching your Wi-Fi network) for Sonos devices on a regular account, and it can get messy fast. If you're away from the devices, forget about it.

EU

Python Foundation Raises Concerns Over EU's Proposed Cybersecurity Rules (theregister.com) 40

The Python Software Foundation is "concerned that proposed EU cybersecurity laws will leave open source organizations and individuals unfairly liable for distributing incorrect code," according to the Register. The PSF reviewed the EU's proposed "Cyber Resilience Act" and "Product Liability Act" and reports "issues that put the mission of our organization and the health of the open-source software community at risk."

From the Register's report: "If the proposed law is enforced as currently written, the authors of open-source components might bear legal and financial responsibility for the way their components are applied in someone else's commercial product," the PSF said in a statement shared on Tuesday by executive director Deb Nicholson. "The existing language makes no differentiation between independent authors who have never been paid for the supply of software and corporate tech behemoths selling products in exchange for payments from end-users...."

The PSF argues the EU lawmakers should provide clear exemptions for public software repositories that serve the public good and for organizations and developers hosting packages on public repositories. "We need it to be crystal clear who is on the hook for both the assurances and the accountability that software consumers deserve," the PSF concludes. The PSF is asking anyone who shares its concerns to convey that sentiment to an appropriate EU Member of Parliament by April 26, while amendments focused on protecting open source software are being considered.

Bradley Kuhn, policy fellow at the Software Freedom Conservancy, told The Register that the free and open source (FOSS) community should think carefully about the scope of the exemptions being sought. "I'm worried that many in FOSS are falling into a trap that for-profit companies have been trying to lay for us on this issue," he said. "While it seems on the surface that a blanket exception for FOSS would be a good thing for FOSS, in fact, this is an attempt for companies to get the FOSS community to help them skirt their ordinary product liability. For-profit companies that deploy FOSS should have the same obligations for security and certainty for their users as proprietary software companies do."

The article points out that numerous tech organizations are urging clarifications in the proposed regulations, including NLnet Labs and the Eclipse Foundation.

Privacy

Inside the Bitter Campus Privacy Battle Over Smart Building Sensors (technologyreview.com) 50

An anonymous reader quotes a report from MIT Technology Review: When computer science students and faculty at Carnegie Mellon University's Institute for Software Research returned to campus in the summer of 2020, there was a lot to adjust to. Beyond the inevitable strangeness of being around colleagues again after months of social distancing, the department was also moving into a brand-new building: the 90,000-square-foot, state-of-the-art TCS Hall. The hall's futuristic features included carbon dioxide sensors that automatically pipe in fresh air, a rain garden, a yard for robots and drones, and experimental super-sensing devices called Mites. Mounted in more than 300 locations throughout the building, these light-switch-size devices can measure 12 types of data -- including motion and sound. Mites were embedded on the walls and ceilings of hallways, in conference rooms, and in private offices, all as part of a research project on smart buildings led by CMU professor Yuvraj Agarwal and PhD student Sudershan Boovaraghavan and including another professor, Chris Harrison. "The overall goal of this project," Agarwal explained at an April 2021 town hall meeting for students and faculty, is to "build a safe, secure, and easy-to-use IoT [Internet of Things] infrastructure," referring to a network of sensor-equipped physical objects like smart light bulbs, thermostats, and TVs that can connect to the internet and share information wirelessly.

Not everyone was pleased to find the building full of Mites. Some in the department felt that the project violated their privacy rather than protected it. In particular, students and faculty whose research focused more on the social impacts of technology felt that the device's microphone, infrared sensor, thermometer, and six other sensors, which together could at least sense when a space was occupied, would subject them to experimental surveillance without their consent. "It's not okay to install these by default," says David Widder, a final-year PhD candidate in software engineering, who became one of the department's most vocal voices against Mites. "I don't want to live in a world where one's employer installing networked sensors in your office without asking you first is a model for other organizations to follow." All technology users face similar questions about how and where to draw a personal line when it comes to privacy. But outside of our own homes (and sometimes within them), we increasingly lack autonomy over these decisions. Instead, our privacy is determined by the choices of the people around us. Walking into a friend's house, a retail store, or just down a public street leaves us open to many different types of surveillance over which we have little control. Against a backdrop of skyrocketing workplace surveillance, prolific data collection, increasing cybersecurity risks, rising concerns about privacy and smart technologies, and fraught power dynamics around free speech in academic institutions, Mites became a lightning rod within the Institute for Software Research.

Voices on both sides of the issue were aware that the Mites project could have an impact far beyond TCS Hall. After all, Carnegie Mellon is a top-tier research university in science, technology, and engineering, and how it handles this research may influence how sensors will be deployed elsewhere. "When we do something, companies [and] other universities listen," says Widder. Indeed, the Mites researchers hoped that the process they'd gone through "could actually be a blueprint for smaller universities" looking to do similar research, says Agarwal, an associate professor in computer science who has been developing and testing machine learning for IoT devices for a decade. But the crucial question is what happens if -- or when -- the super-sensors graduate from Carnegie Mellon, are commercialized, and make their way into smart buildings the world over. The conflict is, in essence, an attempt by one of the world's top computer science departments to litigate thorny questions around privacy, anonymity, and consent. But it has deteriorated from an academic discussion into a bitter dispute, complete with accusations of bullying, vandalism, misinformation, and workplace retaliation. As in so many conversations about privacy, the two sides have been talking past each other, with seemingly incompatible conceptions of what privacy means and when consent should be required. Ultimately, if the people whose research sets the agenda for technology choices are unable to come to a consensus on privacy, where does that leave the rest of us?

Books

Missouri Reps Vote To Completely Defund State's Public Libraries (vice.com) 337

An anonymous reader quotes a report from Motherboard: Late Tuesday night, the Missouri House of Representatives voted for a state operating budget with a $0 line for public libraries. While the budget still needs to work its way through the Senate and the governor's office, state funding for public libraries is very much on the chopping block in Missouri. This comes after Republican House Budget Chairman Cody Smith proposed a $4.5 million cut to public libraries' state aid last week in the initial House Budget Committee hearing, where Smith cited a lawsuit filed against Missouri by the American Civil Liberties Union of Missouri (ACLU-MO) as the reason for the cut.

ACLU-MO filed the suit on behalf of the Missouri Association of School Librarians and the Missouri Library Association (MLA) in an effort to overturn a state law passed in 2022 that bans sexually explicit material from schools. Since it was first enacted in August, librarians and other educators have faced misdemeanor charges punishable by up to a year in jail or a $2,000 fine for giving students access to books the state has deemed sexually explicit. The Missouri law defined (PDF) explicit sexual material as images "showing human masturbation, deviate sexual intercourse," "sexual intercourse, direct physical stimulation of genitals, sadomasochistic abuse," or showing human genitals. The lawsuit claims that school districts have been pulling books from their shelves.

"The house budget committee's choice to retaliate against two private, volunteer-led organizations by punishing the patrons of Missouri's public libraries is abhorrent," Tom Bastian, deputy director for communications for ACLU-MO said in a statement to Motherboard. Like in all ACLU cases, the organization is not charging the two Missouri library groups for services. Both library organizations are also run by volunteers -- every state has an equivalent of these two organizations that serve public and school libraries. In other words, a politician either lied or didn't have his facts straight, and now 160 library districts risk losing state aid in June.
"State Aid helps libraries provide relevant collections, literacy based programming, and technology resources to their communities," Otter Bowman, president of the MLA told Motherboard in a statement. "Our rural libraries rely the most heavily on this funding to serve their communities, and they will be crippled by this drastic budget cut."

Microsoft

Microsoft Says Its New Version of Teams Is Twice As Fast (cnbc.com) 86

Microsoft said Monday it is starting to roll out a faster new version of its Teams communication app for Windows to commercial clients enrolled in a preview program. CNBC reports: The software will become available to all customers later this year, and Microsoft also promises new versions of Teams for Mac and the web. The new version also includes enhancements meant to simplify Teams, building on the more than 400 feature updates Microsoft delivered last year, some of them meant to help Microsoft catch up with rivals. Competition comes from the likes of Cisco, Google, Salesforce-owned Slack and Zoom. Instead of displaying a kind of ribbon of functions for a chat, Teams will hide several options behind a plus sign that people can click on. It's a concept people have become accustomed to on other messaging applications. For example, in Slack, users can upload documents or set reminders after clicking on a plus sign under the area where they type messages.

During Teams video calls, the software will show every participant on screen in a box of the same size, rather than giving more space to participants with their cameras on. Until now, Teams calls have sometimes resembled Piet Mondrian paintings characterized by their squares and rectangles of varying sizes and colors. Microsoft is also adjusting Teams so that people who belong to multiple organizations can more easily stay on top of what's going on. "Instead of logging in and out of different tenants and accounts, you can now stay signed in across them all -- receiving notifications no matter which one you are currently using," [Jeff Teper, president of collaborative apps and platforms at Microsoft] wrote in a blog post.

Social Networks

BBC Advises Staff To Delete TikTok From Work Phones (bbc.com) 54

The BBC has advised staff to delete TikTok from corporate phones because of privacy and security fears. From a report: The BBC seems to be the first UK media organisation to issue the guidance - and only the second in the world after Denmark's public service broadcaster. The BBC said it would continue to use the platform for editorial and marketing purposes for now. [...] The big fear is that data harvested by the platform from corporate phones could be shared with the Chinese government by TikTok's parent company ByteDance, because its headquarters are in Beijing.

In an email to staff on Sunday, it said: "The decision is based on concerns raised by government authorities worldwide regarding data privacy and security. If the device is a BBC corporate device, and you do not need TikTok for business reasons, TikTok should be deleted from the BBC corporate mobile device." Staff with the app on a personal phone that they also use for work have been asked to contact the corporation's Information Security team for further discussions, while it reviews concerns around TikTok.

Dominic Ponsford, editor-in-chief of journalism industry trade publication the Press Gazette, said it would be interesting to see what other media organizations decide to do. He told the BBC: "I suspect everyone's chief technical officer will be looking at this very closely. Until now, news organizations have been very keen to use TikTok, because it's been one of the fastest-growing social media platforms for news publishers over the last year, and it's been a good source of audience and traffic. So most of the talk in the news media has been around encouraging TikTok rather than banning it."

Businesses

Before Hitting Pause On HQ2, Amazon Sent a "You're Welcome" To Area Residents (fcnp.com) 26

Long-time Slashdot reader theodp shares a fresh perspective on how the "pause" announced for building Amazon's HQ2 headquarters could impact the local community: The Falls Church News-Press notes that Amazon's pause announcement came just days after a 12-page glossy mass mailing entitled Capital Region Community Impact Report went out to thousands in the region.

Beginning with a statement from Amazon CEO Andy Jassy, the report spelled out "Amazon's philanthropic commitments in the Capital Region," including $32M donated to 150+ local organizations in 2021, $990M+ committed to create and preserve 6,245 affordable housing units, 13,700 people supported by Amazon-funded affordable housing investments and 23,000 students who received food, clothing, school supplies, hygiene items and other urgent support through Amazon's Right Now Needs Fund.

According to the report, the commitments also included benefits to 75,000+ students across 343 schools who received computer science education through the Amazon Future Engineer program, to 166,000+ students who participated in the CodeVA K-12 CS education program during the 2021-22 academic year, the 5.3 million free meals delivered to underserved families in partnership with Northern Virginia food banks, 10,000 meals purchased from local restaurants and donated to support Covid-19 first responders, $350,000 contributed to local community theaters and arts-focused non-profits, to 6,000 students who explored cloud computing solutions at the Wakefield H.S. Think Big in the 2021-22 academic year, the 200,000 children and families from underserved communities who received free access to the National Children's Museum through a $250,000 gift from Amazon, and the 16,700+ students served by Amazon's support for local youth sports leagues.

Not to look an Amazon philanthropy gift horse in the mouth, but should politicians be reliant on Amazon philanthropy to meet their communities' basic needs? Amazon's 2022 income taxes, by the way, were -$3.217B.

Sci-Fi

First US Navy Pilot To Publicly Report UAPs Says 'Congress Must Reveal the Truth To the American People' (thehill.com) 192

Ryan Graves, former Lt. U.S. Navy and F/A-18F pilot who was the first active-duty fighter pilot to come forward publicly about regular sightings of UAP, says more data is needed about unidentified anomalous phenomena (UAP). "We should encourage pilots and other witnesses to come forward and keep the pressure on Congress to prioritize UAP as a matter of national security," writes Graves in an opinion piece for The Hill. An anonymous Slashdot reader shares an excerpt from his report: As a former U.S. Navy F/A-18 fighter pilot who witnessed unidentified anomalous phenomena (UAP) on a regular basis, let me be clear. The U.S. government, former presidents, members of Congress of both political parties and directors of national intelligence are trying to tell the American public the same uncomfortable truth I shared: Objects demonstrating extreme capabilities routinely fly over our military facilities and training ranges. We don't know what they are, and we are unable to mitigate their presence. The Office of the Director of National Intelligence (ODNI) last week published its second ever report on UAP activity. While the unclassified version is brief, its findings are sobering. Over the past year, the government has collected hundreds of new reports of enigmatic objects from military pilots and sensor systems that cannot be identified and "represent a hazard to flight safety." The report also preserves last year's review of the 26-year reporting period that some UAP may represent advanced technology, noting "unusual flight characteristics or performance capabilities."

Mysteriously, no UAP reports have been confirmed to be foreign so far. However, just this past week, a Chinese surveillance balloon shut down air traffic across the United States. How are we supposed to make sense of hundreds of reports of UAP that violate restricted airspace uncontested and interfere with both civilian and military pilots? Here is the hard truth. We don't know. UAP are a national security problem, and we urgently need more data.

Why don't we have more data? Stigma. I know the fear of stigma is a major problem because I was the first active-duty fighter pilot to come forward publicly about regular sightings of UAP, and it was not easy. There has been little support or incentive for aircrew to speak publicly on this topic. There was no upside to reporting hard-to-explain sightings within the chain of command, let alone doing so publicly. For pilots to feel comfortable, it will require a culture shift inside organizations and in society at large. I have seen for myself on radar and talked with the pilots who have experienced near misses with mysterious objects off the Eastern Seaboard that have triggered unsafe evasive actions and mandatory safety reports. There were 50 or 60 people who flew with me in 2014-2015 and could tell you they saw UAP every day. Yet only one other pilot has confirmed this publicly. I spoke out publicly in 2019, at great risk personally and professionally, because nothing was being done. The ODNI report itself notes that concentrated efforts to reduce stigma have been a major reason for the increase in reports this year. To get the data and analyze it scientifically, we must uproot the lingering cultural stigma of tin foil hats and "UFOs" from the 1950s that stops pilots from reporting the phenomena and scientists from studying it.
Last September, the U.S. Navy said that all of the government's UFO videos are classified information and releasing any additional UFO videos would "harm national security."

Security

Microsoft Upgrades Defender To Lock Down Linux Devices For Their Own Good (theregister.com) 96

Organizations using Microsoft's Defender for Endpoint will now be able to isolate Linux devices from their networks to stop miscreants from remotely connecting to them. The Register reports: The device isolation capability is in public preview and mirrors what the product already does for Windows systems. "Some attack scenarios may require you to isolate a device from the network," Microsoft wrote in a blog post. "This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. Just like in Windows devices, this device isolation feature." Intruders won't be able to connect to the device or run operations like assuming unauthorized control of the system or stealing sensitive data, Microsoft claims.

According to the vendor, when the device is isolated, it is limited in the processes and web destinations that are allowed. That means if they're behind a full VPN tunnel, they won't be able to reach Microsoft's Defender for Endpoint cloud services. Microsoft recommends that enterprises use a split-tunneling VPN for cloud-based traffic for both Defender for Endpoint and Defender Antivirus. Once the situation that caused the isolation is cleared up, organizations will be able to reconnect the device to the network. Isolating the system is done via APIs. Users can get to the device page of the Linux systems through the Microsoft 365 Defender portal, where they will see an "Isolate Device" tab in the upper right among other response actions. Microsoft has outlined the APIs for both isolating the device and releasing it from lockdown.

Social Networks

Instagram's Co-founders Are Mounting a Comeback (platformer.news) 54

Kevin Systrom and Mike Krieger are back. From a report: The Instagram co-founders, who departed Facebook in 2018 amid tensions with their parent company, have formed a new venture to explore ideas for next-generation social apps. Their first product is Artifact, a personalized news feed that uses machine learning to understand your interests and will soon let you discuss those articles with friends. Artifact -- the name represents the merging of articles, facts, and artificial intelligence -- is opening up its waiting list to the public today. The company plans to let users in quickly, Systrom says. You can sign up yourself here; the app is available for both Android and iOS.

The simplest way to understand Artifact is as a kind of TikTok for text, though you might also call it Google Reader reborn as a mobile app, or maybe even a surprise attack on Twitter. The app opens to a feed of popular articles chosen from a curated list of publishers ranging from leading news organizations like the New York Times to small-scale blogs about niche topics. Tap on articles that interest you and Artifact will serve you similar posts and stories in the future, just as watching videos on TikTok's For You page tunes its algorithm over time.

Government

US Airline Accidentally Exposes 'No Fly List' On Unsecured Server (dailydot.com) 56

An anonymous reader quotes a report from the Daily Dot: An unsecured server discovered by a security researcher last week contained the identities of hundreds of thousands of individuals from the U.S. government's Terrorist Screening Database and "No Fly List." Located by the Swiss hacker known as maia arson crimew, the server, run by the U.S. national airline CommuteAir, was left exposed on the public internet. It revealed a vast amount of company data, including private information on almost 1,000 CommuteAir employees. Analysis of the server resulted in the discovery of a text file named "NoFly.csv," a reference to the subset of individuals in the Terrorist Screening Database who have been barred from air travel due to having suspected or known ties to terrorist organizations.

The list, according to crimew, appeared to have more than 1.5 million entries in total. The data included names as well as birth dates. It also included multiple aliases, placing the number of unique individuals at far less than 1.5 million. [...] In a statement to the Daily Dot, CommuteAir said that the exposed infrastructure, which it described as a development server, was used for testing purposes. CommuteAir added that the server, which was taken offline prior to publication after being flagged by the Daily Dot, did not expose any customer information based on an initial investigation. CommuteAir also confirmed the legitimacy of the data, stating that it was a version of the "federal no-fly list" from roughly four years prior. [...] The server also held the passport numbers, addresses, and phone numbers of roughly 900 company employees. User credentials to more than 40 Amazon S3 buckets and servers run by CommuteAir were also exposed.

AI

Anthropic's Claude Improves On ChatGPT But Still Suffers From Limitations (techcrunch.com) 33

An anonymous reader quotes a report from TechCrunch: Anthropic, the startup co-founded by ex-OpenAI employees that's raised over $700 million in funding to date, has developed an AI system similar to OpenAI's ChatGPT that appears to improve upon the original in key ways. Called Claude, Anthropic's system is accessible through a Slack integration as part of a closed beta. Claude was created using a technique Anthropic developed called "constitutional AI." As the company explains in a recent Twitter thread, "constitutional AI" aims to provide a "principle-based" approach to aligning AI systems with human intentions, letting AI similar to ChatGPT respond to questions using a simple set of principles as a guide.

To engineer Claude, Anthropic started with a list of around ten principles that, taken together, formed a sort of "constitution" (hence the name "constitutional AI"). The principles haven't been made public, but Anthropic says they're grounded in the concepts of beneficence (maximizing positive impact), nonmaleficence (avoiding giving harmful advice) and autonomy (respecting freedom of choice). Anthropic then had an AI system -- not Claude -- use the principles for self-improvement, writing responses to a variety of prompts (e.g., "compose a poem in the style of John Keats") and revising the responses in accordance with the constitution. The AI explored possible responses to thousands of prompts and curated those most consistent with the constitution, which Anthropic distilled into a single model. This model was used to train Claude. Claude, otherwise, is essentially a statistical tool to predict words -- much like ChatGPT and other so-called language models. Fed an enormous number of examples of text from the web, Claude learned how likely words are to occur based on patterns such as the semantic context of surrounding text. As a result, Claude can hold an open-ended conversation, tell jokes and wax philosophic on a broad range of subjects. [...]

So what's the takeaway? Judging by secondhand reports, Claude is a smidge better than ChatGPT in some areas, particularly humor, thanks to its "constitutional AI" approach. But if the limitations are anything to go by, language and dialogue is far from a solved challenge in AI. Barring our own testing, some questions about Claude remain unanswered, like whether it regurgitates the information -- true and false, and inclusive of blatantly racist and sexist perspectives -- it was trained on as often as ChatGPT. Assuming it does, Claude is unlikely to sway platforms and organizations from their present, largely restrictive policies on language models. Anthropic says that it plans to refine Claude and potentially open the beta to more people down the line. Hopefully, that comes to pass -- and results in more tangible, measurable improvements.

United States

Right-To-Repair Advocates Question John Deere's New Promises (wired.com) 39

An anonymous reader quotes a report from Wired: Early this week, tractor maker John Deere said it had signed a memorandum of understanding with the American Farm Bureau Federation, an agricultural trade group, promising to make it easier for farmers to access tools and software needed to repair their own equipment. The deal looked like a concession from the agricultural equipment maker, a major target of the right-to-repair movement, which campaigns for better access to documents and tools needed for people to repair their own gear. But right-to-repair advocates say that despite some good points, the agreement changes little, and farmers still face unfair barriers to maintaining equipment they own.

Kevin O'Reilly, a director of the right-to-repair campaign run by the US Public Interest Research Group, a grassroots lobbying organization, says the timing of Deere's deal suggests the company may be trying to quash recent interest in right-to-repair laws from state legislators. In the past two years, corn belt states including Nebraska and Missouri, and also Montana, have considered giving farmers a legal right to tools needed to repair their own equipment. But no laws have been passed. "The timing of this new agreement is no accident," O'Reilly says. "This could be part of an effort to take the wind out of the sails of right-to-repair legislation." Indeed, one section of the memorandum takes direct aim at proposals to enshrine the right to repair into law. It states that the American Farm Bureau Foundation "agrees to encourage state Farm Bureau organizations to recognize the commitments made in this MOU and refrain from introducing, promoting, or supporting federal or state Right to Repair legislation that imposes obligations beyond the commitments in this MOU."

Walter Schweitzer, a Montana-based cattle farmer and right-to-repair advocate, calls the new agreement "a Groundhog Day sort of thing" -- a repeat of something he has seen before. The memorandum is similar to one signed in 2018 by the California Farm Bureau, the state's largest organization for farmers' interests, and the Equipment Dealers Association, which represents Deere, he says. But little changed afterward, in his view. [...] The new agreement isn't legally binding. It states that should either party determine that the MOU is no longer viable, all they have to do is provide written notice to the other party of their intent to withdraw. And both US PIRG and Schweitzer note that other influential farmers groups are not party to the agreement, such as the National Farmers Union, where Schweitzer is a board member and runs the Montana chapter. Schweitzer is also concerned by the way the agreement is sprinkled with promises to offer farmers or independent repair shops "fair and reasonable terms" on access to tools or information. "'Fair and reasonable' to a multibillion-dollar company can be a lot different for a farmer who is in debt, trying to make payments on a $200,000 tractor and then has to pay $8,000 to $10,000 to purchase hardware for repairs," he says.
