UnitedHealth Group said a ransomware attack in February resulted in more than 100 million individuals having their private health information stolen. The U.S. Department of Health and Human Services first reported the figure on Thursday. TechCrunch reports: The ransomware attack and data breach at Change Healthcare stands as the largest known digital theft of U.S. medical records, and one of the biggest data breaches in living history. The ramifications for the millions of Americans whose private medical information was irretrievably stolen are likely to be life lasting. UHG began notifying affected individuals in late July, which continued through October. The stolen data varies by individual, but Change previously confirmed that it includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, and government identity documents, including Social Security numbers, driver's license numbers, and passport numbers. The stolen health data includes diagnoses, medications, test results, imaging and care and treatment plans, and health insurance information -- as well as financial and banking information found in claims and payment data taken by the criminals.

The cyberattack became public on February 21 when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector that relied on Change for handling patient insurance and billing. UHG attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang, which later took credit for the cyberattack. The ransomware gang's leaders later vanished after absconding with a $22 million ransom paid by the health insurance giant, stiffing the group's contractors who carried out the hacking of Change Healthcare out of their new financial windfall. The contractors took the data they stole from Change Healthcare and formed a new group, which extorted a second ransom from UHG, while publishing a portion of the stolen files online in the process to prove their threat.

There is no evidence that the cybercriminals subsequently deleted the data. Other extortion gangs, including LockBit, have been shown to hoard stolen data, even after the victim pays and the criminals claim to have deleted the data. In paying the ransom, Change obtained a copy of the stolen dataset, allowing the company to identify and notify the affected individuals whose information was found in the data. Efforts by the U.S. government to catch the hackers behind ALPHV/BlackCat, one of the most prolific ransomware gangs today, have so far failed. The gang bounced back following a takedown operation in 2023 to seize the gang's dark web leak site. Months after the Change Healthcare breach, the U.S. State Department upped its reward for information on the whereabouts of the ALPHV/BlackCat cybercriminals to $10 million.

Starting next week, Google Photos will label when an image was edited with AI. The Verge reports: "Photos edited with tools like Magic Editor, Magic Eraser and Zoom Enhance already include metadata based on technical standards from The International Press Telecommunications Council (IPTC) to indicate that they've been edited using generative AI," John Fisher, engineering director of Google Photos, wrote in a blog post. "Now we're taking it a step further, making this information visible alongside information like the file name, location and backup status in the Photos app."

The "AI info" section will be found in the image details view of Google Photos both on the web and in the app. These labels won't be limited strictly to generative AI, either. Google says it'll also specify when a "photo" contains elements from several different images -- such as when people use the Pixel's Best Take and Add Me features. [...] "This work is not done, and we'll continue gathering feedback and evaluating additional solutions to add more transparency around AI edits," Fisher wrote.

An anonymous reader quotes a report from TechCrunch: Smashing, a new app curating the best of the web from Goodreads co-founder Otis Chandler, is now available to the public. Like Goodreads, the app aims to create a community around content. But this time, instead of books, the focus is on web content -- like news articles, blog posts, social media posts, podcasts, and more. In addition, Smashing is introducing an AI Questions feature that allows you to engage with the content being shared in different ways, including by viewing a news story from different perspectives or asking the AI to poke holes in the story, among other things. By viewing different angles of a story, you can see how both the political left and right view the subject. Or, in the case of a company's stock, you might be presented with both the bull and bear case.

There are a good handful of AI prompts available at launch, notes Chandler, and not all will make sense to use on every news story or piece of content. For instance, there's a silly "make it funny" prompt, and others that can simplify the story, display a timeline, or introduce "unconventional" takes that may involve thinking outside the box, helping you weigh ideas you hadn't considered yet. You can also ask your own questions, if you prefer. On the app, users are able to create multiple interest feeds to stay informed about the topics that matter to them, like politics, investing, parenting, health and wellness, and more, or even narrower interests like specific companies, sports teams, crypto, climate change, or other subtopics. The app also leverages AI to surface content from around the web and then match it to an individual reader based on what articles they tend to read, what subtopics they like, and what's already popular in the community, as determined by upvotes and downvotes. Combined, the signals tune Smashing to a user's particular interests. As part of the AI Questions feature, Smashing is also introducing AI-powered Story Overview pages, which offer grouped articles, blog posts, and social media posts all about the same story.

Google is introducing a dark mode to the web version of Google Calendar and rolling out a "refreshed user interface." From a report: The new UI will include buttons, dialog boxes, and sidebars that are "more modern and accessible" with improved typefaces. The update started rolling out this week and soon it will be available to everyone, whether they're using a personal Gmail login or any sort of paid Google Workspace account.

[...] Google says the updated calendar UI will also feature "iconography that is legible and crisp, with a fresh feel," using its "custom-designed and highly-legible typefaces" that bring it line with Google's Material Design 3 standards. The updates, including dark mode, will also apply to "the entire calendar web experience," including the task list view.

Notion, the maker of a popular eponymous note-taking app, appears to be getting ready to launch its own email product, called Notion Mail, TechCrunch reported Thursday, citing sources. From the report: Earlier this year, Notion acquired Skiff, a privacy-focused email service and app. At the time, Skiff said that it would provide a 12-month sunset window to users so that they have enough time to migrate to a different email service. For months, users on Reddit have shared hints of Notion working on its email product.

Some folks found the development environment URL, others reportedly found the login page to the email product. At the time of writing, when TechCrunch entered mail.notion.so in a web browser, "Notion Mail" appeared briefly as the page title with a mail logo... But we were then redirected to Notion's main login page.

Anthropic has released an upgraded version of its AI model Claude 3.5 Sonnet and announced a new model, Claude 3.5 Haiku, alongside a public beta feature enabling AI to operate computers like humans. The enhanced Sonnet model improved its coding capabilities, scoring 49% on the SWEbench Verified benchmark, surpassing OpenAI and other competitors. The Haiku model matches the performance of Anthropic's previous flagship Claude 3 Opus while maintaining lower costs and faster speeds.

The computer use feature, available through Anthropic's API and cloud partners, allows Claude to perform tasks like navigating web browsers, filling forms, and manipulating data. Early adopters include Asana, DoorDash, and Replit, though Anthropic -- backed by investors including Google and Amazon -- acknowledges the feature remains experimental and error-prone. Claude 3.5 Haiku will launch later this month, initially supporting text-only inputs with image capabilities to follow.

WordPress sites are being compromised through malicious plugins that display fake software updates and error messages, leading to the installation of information-stealing malware. BleepingComputer reports: Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware. In 2024, a new campaign called ClickFix was introduced that shares many similarities with ClearFake but instead pretends to be software error messages with included fixes. However, these "fixes" are PowerShell scripts that, when executed, will download and install information-stealing malware.

Last week, GoDaddy reported that the ClearFake/ClickFix threat actors have breached over 6,000 WordPress sites to install malicious plugins that display the fake alerts associated with these campaigns. "The GoDaddy Security team is tracking a new variant of ClickFix (also known as ClearFake) fake browser update malware that is distributed via bogus WordPress plugins," explains GoDaddy security researcher Denis Sinegubko. "These seemingly legitimate plugins are designed to appear harmless to website administrators but contain embedded malicious scripts that deliver fake browser update prompts to end-users."

The malicious plugins utilize names similar to legitimate plugins, such as Wordfense Security and LiteSpeed Cache, while others use generic, made-up names. Website security firm Sucuri also noted that a fake plugin named "Universal Popup Plugin" is also part of this campaign. When installed, the malicious plugin will hook various WordPress actions depending on the variant to inject a malicious JavaScript script into the HTML of the site. When loaded, this script will attempt to load a further malicious JavaScript file stored in a Binance Smart Chain (BSC) smart contract, which then loads the ClearFake or ClickFix script to display the fake banners. From web server access logs analyzed by Sinegubko, the threat actors appear to be utilizing stolen admin credentials to log into the WordPress site and install the plugin in an automated manner.

An anonymous reader quotes a report from Ars Technica: 37Signals is not a company that makes its policy or management decisions quietly. The productivity software company was an avowedly Mac-centric shop until Apple's move to kill home screen web apps (or Progressive Web Apps, or PWAs) led the firm and its very-public-facing co-founder, David Heinemeier Hansson, to declare a "Return to Windows," followed by a stew of Windows/Mac/Linux. The company waged a public battle with Apple over its App Store subscription policies, and the resulting outcry helped nudge Apple a bit. 37Signals has maintained an active blog for years, its co-founders and employees have written numerous business advice books, and its blog and social media posts regularly hit the front pages of Hacker News.

So when 37Signals decided to pull its seven cloud-based apps off Amazon Web Services in the fall of 2022, it didn't do so quietly or without details. Back then, Hansson described his firm as paying "an at times almost absurd premium" for defense against "wild swings or towering peaks in usage." In early 2023, Hansson wrote that 37Signals expected to save $7 million over five years by buying more than $600,000 worth of Dell server gear and hosting its own apps.

Late last week, Hansson had an update: it's more like $10 million (and, he told the BBC, more like $800,000 in gear). By squeezing more hardware into existing racks and power allowances, estimating seven years' life for that hardware, and eventually transferring its 10 petabytes of S3 storage into a dual-DC Pure Storage flash array, 37Signals expects to save money, run faster, and have more storage available. "The motto of the 2010s and early 2020s -- all-cloud, everything, all the time -- seems to finally have peaked," Hansson writes. "And thank heavens for that!" He adds the caveat that companies with "enormous fluctuations in load," and those in early or uncertain stages, still have a place in the cloud.

"Who asked for any of this in the first place?" wonders a New York Times consumer-tech writer. (Alternate URL here.) "Judging from the feedback I get from readers, lots of people outside the tech industry remain uninterested in AI — and are increasingly frustrated with how difficult it has become to ignore." The companies rely on user activity to train and improve their AI systems, so they are testing this tech inside products we use every day. Typing a question such as "Is Jay-Z left-handed?" in Google will produce an AI-generated summary of the answer on top of the search results. And whenever you use the search tool inside Instagram, you may now be interacting with Meta's chatbot, Meta AI. In addition, when Apple's suite of AI tools, Apple Intelligence, arrives on iPhones and other Apple products through software updates this month, the tech will appear inside the buttons we use to edit text and photos.

The proliferation of AI in consumer technology has significant implications for our data privacy, because companies are interested in stitching together and analyzing our digital activities, including details inside our photos, messages and web searches, to improve AI systems. For users, the tools can simply be an annoyance when they don't work well. "There's a genuine distrust in this stuff, but other than that, it's a design problem," said Thorin Klosowski, a privacy and security analyst at the Electronic Frontier Foundation, a digital rights nonprofit, and a former editor at Wirecutter, the reviews site owned by The New York Times. "It's just ugly and in the way."

It helps to know how to opt out. After I contacted Microsoft, Meta, Apple and Google, they offered steps to turn off their AI tools or data collection, where possible. I'll walk you through the steps.
The article suggests logged-in Google users can toggle settings at myactivity.google.com. (Some browsers also have extensions that force Google's search results to stop inserting an AI summary at the top.) And you can also tell Edge to remove Copilot from its sidebar at edge://settings.

But "There is no way for users to turn off Meta AI, Meta said. Only in regions with stronger data protection laws, including the EU and Britain, can people deny Meta access to their personal information to build and train Meta's AI." On Instagram, for instance, people living in those places can click on "settings," then "about" and "privacy policy," which will lead to opt-out instructions. Everyone else, including users in the United States, can visit the Help Center on Facebook to ask Meta only to delete data used by third parties to develop its AI.
By comparison, when Apple releases new AI services this month, users will have to opt in, according to the article. "If you change your mind and no longer want to use Apple Intelligence, you can go back into the settings and toggle the Apple Intelligence switch off, which makes the tools go away."

Libreboot is a distribution of coreboot "aimed at replacing the proprietary BIOS firmware contained by most computers."

So then what exactly is GNU Boot? Its home page explains... In November 2022, Libreboot began to include non-libre code. We have made repeated efforts to continue collaboration with those developers to help their version of Libreboot remain libre, but that was not successful. Now we've stepped forward to stand up for freedom, ours and that of the wider community, by maintaining our own version — a genuinely libre Libreboot, that after some hurdles gave birth to this project: GNU Boot.
But today, Phoronix writes: While priding itself on being "100% free", last December [GNU Boot] had to drop some motherboard support and CPU code after discovering they were shipping some files that are non-free by their free software standards. Today they announced another mistake in having inadvertently been shipping additional non-free code.

GNU Boot discovered an issue with non-free code affecting not only them but also some of the Linux distributions that pride themselves on being fully free software / 100% open-source. This latest snafu they say is "more problematic" than their prior non-free code discover due to impacting the free software Linux distributions too. The issue at hand though comes down to test data contained within the archive and that containing non-free code in the form of microcode, BIOS bits, and Intel Management Engine firmware.
"We also contacted Replicant..." according to the announcement, "a free Android distro that also ships vboot source code." And in addition, "We had to re-release all the affected tarballs." (Which at this point is three release candidates...)

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online."

Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back." Kahle and his team see the mission of the Internet Archive as a noble one — to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive.

Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year...

[N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helmef. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive — and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone."
"Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online: As a library community, we are seeing other cyber attacks — for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend."

For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon.

Thank you for your patience and ongoing support.

The FIDO Alliance is developing new specifications to enable secure transfer of passkeys between different password managers and platforms. Announced this week, the initiative is the result of collaboration among members of the FIDO Alliance's Credential Provider Special Interest Group, including Apple, Google, Microsoft, 1Password, Bitwarden, Dashlane, and others. From a report: Passkeys are an industry standard developed by the FIDO Alliance and the World Wide Web Consortium, and were integrated into Apple's ecosystem with iOS 16, iPadOS 16.1, and macOS Ventura. They offer a more secure and convenient alternative to traditional passwords, allowing users to sign in to apps and websites in the same way they unlock their devices: With a fingerprint, a face scan, or a passcode.

Passkeys are also resistant to online attacks like phishing, making them more secure than things like SMS one-time codes. The draft specifications, called Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF), will standardize the secure transfer of credentials across different providers. This addresses a current limitation where passkeys are often tied to specific ecosystems or password managers. Further reading: Passwords Have Problems, But Passkeys have more.

Amazon said on Wednesday it has signed three agreements on developing the nuclear power technology called small modular reactors, becoming the latest big tech company to push for new sources to meet surging electricity demand from data centers. From a report: Amazon said it will fund a feasibility study for an SMR project near a Northwest Energy site in Washington state. The SMR is planned to be developed by X-Energy. Financial details were not disclosed. Under the agreement, Amazon will have the right to purchase electricity from four modules. Energy Northwest, a consortium of state public utilities, will have the option to add up to eight 80 MW modules, resulting in a total capacity up to 960 MWs, or enough to power the equivalent of more than 770,000 U.S. homes. The additional power would be available to Amazon and utilities to power homes and businesses. "Our agreements will encourage the construction of new nuclear technologies that will generate energy for decades to come," said Matt Garman, CEO of Amazon Web Services. SMRs will have their components built in a factory to reduce construction costs. [...]

Amazon said it is also leading a funding round for $500 million to support X-Energy's development of SMRs. Amazon and X-Energy aim to bring more than 5 gigawatts online in the United States by 2039, which the companies call the largest commercial deployment target of SMRs yet. Amazon also signed an agreement with Dominion Energy, opens new tab to explore the development of an SMR project near the utility's existing power station in Virginia. The about 300 megawatt project would help meet power needs in a region where demand is expected to jump 85% in 15 years, Dominion said.

An anonymous reader quotes a report from Ars Technica: This fall, thousands of fake albums were added to Spotify, with some appearing on real artist pages, where they're positioned to lure unsuspecting listeners into streaming by posing as new releases from favorite bands. An Ars reader flagged the issue after finding a fake album on the Spotify page of an UK psych rock band called Gong. The Gong fan knew that the band had begun touring again after a surprise new release last year, but the "latest release" listed by Spotify wasn't that album. Instead, at the top of Gong's page was a fake self-titled album supposedly released in 2024.

The real fan detected the fake instantly, and not just because the generic electronic music sounded nothing like Gong's experimental sounds. The album's cover also gave the scheme away, using a generic font and neon stock image that invoked none of the trippy imagery that characterized Gong's typical album covers. Ars confirmed with Gong member Dave Sturt that the self-titled item was an obvious fake on Monday. At that time, Sturt said the band was working to get the junk album removed from its page, but as of Tuesday morning, that album remained online, along with hundreds of other albums uploaded by a fake label that former Spotify data "alchemist" Glenn McDonald flagged in a social media post that Spotify seemingly ignored.

On his site, McDonald gathered the junk album data by label, noting that Beat Street Music, which has no web presence but released the fake Gong album, uploaded 240 junk albums on Friday alone. Similarly, Ancient Lake Records uploaded 471 albums on Friday. And Gupta Music added 483 just a few days prior, along with 600 junk albums from Future Jazz Records uploaded between September 30 and October 8. These junk albums don't appear to be specifically targeting popular artists, McDonald told Ars. Rather, generic music is uploaded under a wide range of one-word artist names. However, by using that tactic, some of these fake albums appeared on real artist pages, such as Gong, experimental rock band Swans, and English rock bands Asia and Yes. And that oversight is on Spotify, McDonald suggested. "We are aware of the issue, have relocated the content in question, and are considering our further options against the providing licensor," a Spotify spokesperson said. "When we identify or are alerted to attempts by bad actors to game the system, we take action that may include removing stream counts and withholding royalties. Spotify invests heavily in automated and manual reviews to prevent, detect, and mitigate the impact of bad actors attempting to collect unearned royalties."

An anonymous reader shares a report: If you're a fan of uBlock Origin, don't be surprised if it stops functioning on Chrome. The Google-owned browser has started disabling the free ad blocker as part of the company's plan to phase out older "Manifest V2" extensions. On Tuesday, the developer of uBlock Origin, Raymond Hill, retweeted a screenshot from one user, showing the Chrome browser disabling the ad blocker. "These extensions are no longer supported. Chrome recommends that you remove them," the pop-up from the Chrome browser told the user. In response, Hill wrote: "The depreciation of uBO in the Chrome Web Store has started."

The Internet Archive has resumed operations in a read-only state following a cyberattack that took the digital library offline on October 9, coupled with the theft of 31 million user authentication records. "Safe to resume but might need further maintenance, in which case it will be suspended again," said Brewster Kahle, Internet Archive's founder. The website is currently now allowing users to save pages.

David Heinemeier Hansson, creator of Ruby on Rails and co-founder and chief technology officer of Basecamp-maker 37signals, has criticized Automattic's demand for 8% of vendor WP Engine's revenues as a violation of open source principles and the GPL license. He argues this, among other things, undermines the clarity and certainty of open source licensing, threatening its integrity beyond WordPress. He writes: Ruby on Rails, the open-source web framework I created, has been used to create businesses worth hundreds of billions of dollars combined. Some of those businesses express their gratitude and self-interest by supporting the framework with dedicated developers, membership of The Rails Foundation, or conference sponsorships. But many also do not! And that is absolutely their right, even if it occasionally irks a little.

That's the deal. That's open source. I give you a gift of code, you accept the terms of the license. There cannot be a second set of shadow obligations that might suddenly apply, if you strike it rich using the software. Then the license is meaningless, the clarity all muddled, and certainty lost.

Look, Automattic can change their license away from the GPL any time they wish. The new license will only apply to new code, though, and WP Engine, or anyone else, are eligible to fork the project. That's what happened with Redis after Redis Labs dropped their BSD license and went with a commercial source-available alternative. Valkey was forked from the last free Redis version, and now that's where anyone interested in an open-source Redis implementation is likely to go.

But I suspect Automattic wants to have their cake and eat it too. They want to retain WordPress' shine of open source, but also be able to extract their pound of flesh from any competitor that might appear, whenever they see fit. Screw that.

BleepingComputer's Lawrence Abrams: Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. The text "HIBP" refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

TechCrunch's Paul Sawers reports: Fledgling fintech startup OpenBB is revealing the next step in its plans to take on the heavyweights of the investment research world. The company is launching a new, free version of a product that will open its arsenal of data and financial tooling to more users. OpenBB is the handiwork of software engineer Didier Lopes, who launched the Python-based platform back in 2021 as a way for amateur investors and enthusiasts to do investment research using different datasets for free, via a command line interface (CLI). The company went on to raise $8.5 million in seed funding from OSS Capital and angel investors such as Ram Shriram, an early backer of Google. While the community-based, open source project has amassed some 50,000 users, OpenBB has also been building an enterprise incarnation called Terminal Pro. This paid version gives teams access to an interface, pre-built database integrations, an Excel add-in, and various security and support bolt-ons that would appeal to larger businesses. [...]

The all-new OpenBB Terminal -- not to be confused with the previous CLI-based OpenBB Terminal that the startup sunsetted in March -- is a full-fledged web app, though it strips out many of the premium features of Terminal Pro. It's fully customizable, can run on any operating system or platform, and provides access to an AI-enabled OpenBB copilot. Like the previous OpenBB Terminal, the all-new web app is also free to use. OpenBB Terminal is perhaps something of a middle ground between the CLI centricity of the open source project and the bells-and-whistles feature set of the enterprise product.

The OpenBB Terminal serves as a single end point for accessing financial information from some 100 data sources, spanning equity, options, forex, the macro economy, and more. Users can also throw all their new data into the mix -- the community has previously contributed financial datasets such as historical currency exchange rates and crypto pricing data. There are also a slew of extensions and toolkits to bring more functionality to OpenBB -- such as an AI stock analysis agent. Users are free to incorporate their own AI systems and large language models (LLMs), which might be particularly important for security and compliance use cases. But with the OpenBB Copilot, categorized as a "compound AI system," users can run natural-language queries about their data out of the box. While OpenBB has been likened to an "open-source Bloomberg," TechCrunch notes that it's not a direct competitor due to Bloomberg's massive data resources and built-in chat functionality. OpenBB, however, offers flexibility with its open-source platform and customization options.

OpenBB filed for a trademark, but Bloomberg has requested an extension to potentially oppose it, despite the company asserting there's no link between OpenBB and Bloomberg's abbreviation "BBG". Lopes says the name originates from BlackBerry stock, where the founders had lost money during the meme stock craze.

"Pine64 has confirmed that its open-source e-ink tablet is returning," reports the blog OMG Ubuntu: The [10.1-inch e-ink display] PineNote was announced in 2021, building on the success of its non-SBC devices like the PinePhone (and later Pro model), the PineTab, and PineBook devices. Like most of Pine64's devices, software support is largely tackled by the community. But only a small batch of developer units were ever sold, primarily by enthusiasts within the open-source community who had the knowledge and desire to work on getting a modern Linux OS to run on the hardware, and adapt to the e-ink display.

That process has taken a while, as Pine64's community bloggers explain:

"The PineNote was stuck in a chicken-and-egg situation because of the very high cost of manufacturing the device (ePaper screens are sadly still expensive), and so the risk of manufacturing units that then didn't have a working Linux OS and would not sell was huge."

However, the proverbial egg has finally hatched. The PineNote now has a reliable Debian-based OS, developed by Maximilian Weigand. This is described as "not only a bare-bones capable OS but a genuinely daily-usable system that 'just works'" according to the Pine64 blog. ["This is excellent as it also moves the target audience from developers to every day users. You should be able to power on the device and drop into a working Gnome experience."] It is said to use the GNOME desktop plus a handful of extensions designed to ensure the UI adapts to working well with an e-ink display. Software pre-installed includes Xournal++ for note taking, Firefox for web browsing, and Foliate for reading ebooks, among others. [And it even runs Doom...]

Existing PineNote owners can download the the new OS image, flash it to their device, and help test it... Touch and stylus input are major selling points of the PineNote, positioning it as a libre alternative to leading e-ink note-taking devices like the Remarkable 2, Onyx BOOX, and Amazon Scribe.
"I do not (yet) have a launch date target," according to the blog post, "as behind-the-scenes the Pine Store team are still working on all things production."

But the update also links to some blog posts about their free and open source smartwatch PineTime...