Washington Post: The Consumer Financial Protection Bureau has taken steps to place Google under formal federal supervision, an extraordinary move that could subject the technology giant to the regular inspections and other rigorous monitoring that the government imposes on major banks.

Google has fiercely resisted the idea over months of highly secretive talks, according to two people familiar with the discussions, who spoke on the condition of anonymity to describe them -- setting up what may ultimately be a major legal clash with vast implications for the CFPB's powers in the digital age.

The exact scope of the CFPB's concerns is not clear, and its order does not appear to be final. The political fate of the bureau's work under Director Rohit Chopra is also in doubt, as the watchdog agency braces for potentially significant changes to its leadership and agenda with the return of President-elect Donald Trump to the White House.

Formed in the aftermath of the 2008 financial crisis, the CFPB has broad powers to protect consumers from unfair, deceptive or predatory financial practices. That includes the ability to place certain firms under supervision, a status that can afford regulators direct access to the company's internal records to ensure their activities are sound -- and seek fixes if they are not.

If you have Spotify's soon-to-be-bricked Car Thing, there are a few ways you can give it a new lease on life. YouTuber Dammit Jeff has showcased modifications to Car Thing that makes the device useful as a desktop music controller, customizable shortcut tool, or a simple digital clock. Ars Technica's Kevin Purdy reports: Spotify had previously posted the code for its uboot and kernel to GitHub, under the very unassuming name "spsgsb" and with no announcement (as discovered by Josh Hendrickson). Jeff has one idea why the streaming giant might not have made much noise about it: "The truth is, this thing isn't really great at running anything." It has half a gigabyte of memory, 4GB of internal storage, and a "really crappy processor" (Amlogic S905D2 SoC) and is mostly good for controlling music.

How do you get in? The SoC has a built-in USB "burning mode," allowing for a connected computer, running the right toolkit, to open up root access and overwrite its firmware. Jeff has quite a few issues getting connected (check his video description for some guidance), but it's "drag and drop" once you're in. Jeff runs through a few of the most popular options for a repurposed Car Thing:

- DeskThing, which largely makes Spotify desk-friendly, but adds a tiny app store for weather (including Jeff's own WeatherWave), clocks, and alternate music controls
- GlanceThing, which keeps the music controls but also provides some Stream-Deck-like app-launching shortcuts for your main computer.
- Nocturne, currently invite-only, is a wholly redesigned Spotify interface that restores all its Spotify functionality.

Apple was notified by the European Union that its geo-blocking practices are potentially in breach of consumer protection rules, adding to the iPhone maker's regulatory issues in the bloc. From a report: Apple's App Store, iTunes Store and other media services unlawfully discriminate against European customers based on their place of residence, according to a European Commission statement on Tuesday.

The notification comes as Apple is facing the first-ever fine under the Digital Markets Act, or DMA, for failing to allow app developers to steer users to cheaper deals, Bloomberg News reported last week. That penalty is set to come months after the Cupertino, California-based company was hit with a $1.9 billion fine for similar abuses under the bloc's traditional competition rules.

The geo-locating investigation was conducted together with a network of national consumer authorities and found Apple media services only allow users to use payment cards issued in the countries they registered their Apple accounts, according to the statement. The App Store also blocks users from downloading apps offered in other countries, the investigation found.

Qwant, France's privacy-focused search engine, and Ecosia, a Berlin-based not-for-profit search engine that uses ad revenue to fund tree planting and other climate-focused initiatives, are joining forces on a joint venture to develop their own European search index. TechCrunch: The pair hopes this move will help drive innovation in their respective search engines -- including and especially around generative AI -- as well as reducing dependence on search indexes provided by tech giants Microsoft (Bing) and Google. Both currently rely on Bing's search APIs while Ecosia also uses Google's search results. Rising API costs are one clear motivator for the move to shrink this Big Tech dependency, with Microsoft massively hiking prices for Bing's search APIs last year.

Neither Ecosia nor Qwant will stop using Bing or Google altogether. However, they aim to diversify the core tech supporting their services with their own index. It will lower their operational costs, and serve as a technical base to fuel their own product development as GenAI technologies take up a more central role in many consumer-facing digital services. Both search engines have already dabbled in integrating GenAI features. Expect more on this front, although they aren't planning to develop AI model development themselves. They say they will continue to rely on API access to major platforms' large language models (LLMs) to power these additions. The pair is also open to other European firms joining in with their push for more tech stack sovereignty -- at least as fellow customers for the search index, as they plan to license access via an API. Other forms of partnership could be considered too, they told TechCrunch.

Cryptocurrency backers continue to bid up Bitcoin prices, pushing the digital token to a new high of about $84,000 on Monday. The New York Times: The cryptocurrency has surged since Election Day, on investor hopes that President-elect Donald J. Trump and his appointees would be friendlier to the industry after the Biden administration's aggressive enforcement of securities law that targeted several crypto companies.

Cryptocurrencies have become a major component of the so-called Trump trade. Bitcoin exchange-traded funds, which got the regulatory green light to trade this year, have been booming over the past week. Crypto-related companies have also jumped in value: Riot Platforms, a Bitcoin miner, is up 68 percent since Election Day and Coinbase, a crypto exchange, is up 69 percent over the same period.

A new article at Reason.com argues that U.S. courts "are coming for digital libraries." In September, a federal appeals court dealt a major blow to the Internet Archive — one of the largest online repositories of free books, media, and software — in a copyright case with significant implications for publishers, libraries, and readers. The U.S. Court of Appeals for the 2nd Circuit upheld a lower court ruling that found the Internet Archive's huge, digitized lending library of copyrighted books was not covered by the "fair use" doctrine and infringed on the rights of publishers. Agreeing with the Archive's interpretation of fair use "would significantly narrow — if not entirely eviscerate — copyright owners' exclusive right to prepare derivative works," the 2nd Circuit ruled. "Were we to approve [Internet Archive's] use of the works, there would be little reason for consumers or libraries to pay publishers for content they could access for free."
Others disagree, according to some links shared in a recent email from the Internet Archive. Public Knowledge CEO Chris Lewis argues the court's logic renders the fair use doctrine "almost unusuable". And that's just the beginning... This decision harms libraries. It locks them into an e-book ecosystem designed to extract as much money as possible while harvesting (and reselling) reader data en masse. It leaves local communities' reading habits at the mercy of curatorial decisions made by four dominant publishing companies thousands of miles away. It steers Americans away from one of the few remaining bastions of privacy protection and funnels them into a surveillance ecosystem that, like Big Tech, becomes more dangerous with each passing data breach.
But lawyer/librarian Kyle K. Courtney writes that the case "is specific only to the parties, and does not impact the other existing versions of controlled digital lending." Additionally, this decision is limited to the 2nd Circuit and is not binding anywhere else — in other words, it does not apply to the 47 states outside the 2nd Circuit's jurisdiction. In talking with colleagues in the U.S. this week and last, many are continuing their programs because they believe their digital loaning programs fall outside the scope of this ruling... Moreover, the court's opinion focuses on digital books that the court said "are commercially available for sale or license in any electronic text format." Therefore, there remains a significant number of materials in library collections that have not made the jump to digital, nor are likely to, meaning that there is no ebook market to harm — nor is one likely to emerge for certain works, such as those that are no longer commercially viable...

This case represents just one instance in an ongoing conversation about library lending in the digital age, and the possibility of appeal to the U.S. Supreme Court means the final outcome is far from settled.
Some more quotes from links shared by Internet Archive:

• "It was clear that the only reason all the big publishers sued the Internet Archive was to put another nail in the coffin of libraries and push to keep this ebook licensing scheme grift going. Now the courts have helped." — TechDirt

• "The case against the Internet Archive is not just a story about the ruination of an online library, but a grander narrative of our times: how money facilitates the transference of knowledge away from the public, back towards the few." — blogger Hannah Williams

Thanks to Slashdot reader fjo3 for sharing the news.

On its 20th anniversary, Firefox "is still going strong, and it is a better browser today than it ever was," according to TechCrunch.

In an interview, Mozilla's interim CEO says one of the first things they did when was to "unlock a bunch of money towards Firefox product development... I've been in enough places where people tend to forget about the core business, and they stop investing in it, because they get distracted by shiny things — and then they regret it." "Firefox is incredibly important, and it is our core. We've actually put more investment into it this year and into connecting with our communities, into bringing out and testing features that are positive and creating good experiences for folks. That's been a huge priority for me and for the company this year, and it's showing up in the results."

She acknowledged that Mozilla doesn't have the device distribution that benefits many of Firefox's competitors, especially on mobile, but she did note that the Digital Marks Act (DMA) in Europe — which means Apple, for example, has to provide a browser choice screen on iOS — is working. "With the DMA, even though the implementation hasn't been outstanding, we're seeing a real shift. When people have the choice to choose Firefox, they're choosing Firefox," she said...

To kick-start some of this growth, Mozilla is looking at reaching new, and younger, users. Chambers noted that Mozilla is running a number of marketing campaigns to make people aware of Firefox, especially those who are only now starting to make their first browser choices. With them, she believes, Mozilla's messaging around privacy lands especially well.
In a future where browsers include AI agents that take actions on behalf of users, there might be more confidence in a browser designed for privacy and transparency, the interim CEO points out — as part of their larger mission. "What I love about Firefox is that it really provides users with an alternative choice of a browser that is just genuinely designed for them.

"We have, from its very inception and throughout, really wanted to create a browser that prioritizes people over profit, prioritizes privacy over anything else, and to have that option, the choice."

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:

• Nathan Dyer of SecureDrop, Newsroom Support Engineer for the Freedom of the Press Foundation with an update on SecureDrop

• Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."

• Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."

• Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."

• Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."

• Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."

This week Discover magazine looks at evidence — both old and new — for a ninth planet in our solar system: "Orbits of the most distant small bodies — comets or asteroids — seem to be clustered on one half or one side of the solar system," says Amir Siraj [an astrophysicist with Princeton University]. "That's very weird and something that can't be explained by our current understanding of the solar system." A 2014 study in Nature first noted these orbits. A 2021 study in The Astronomical Journal examined the clustering in the orbit and concluded that "Planet Nine" was likely closer and brighter than expected.

Astrophysicists don't agree whether the clustering in the orbit is a real effect. Some have argued it is biased because the view that scientists currently have is limited, Siraj says. "This debate for the last decade has a lot of scientists confused, including myself. I decided to look at the problem from scratch," he says.

In a 2024 paper, Siraj and his co-authors ran simulations of the solar system, including an extra planet beyond Neptune. "We did it 300 times, about 2.5 times more than what was done previously," Siraj says. "In each simulation, you try different parameters for the extra planet. A different mass, a different tilt, a different shape of the orbit. You run these for millions of years, and then you compare the distribution to what we see in our solar system...." They found that the perimeters for this possible planet were different than what has been previously discussed in the scientific literature, and they supported the possibility of an unseen planet beyond Neptune.

Scientists hope a new telescope will have the potential to see deeper into the solar system. In 2025, the Vera C. Rubin Observatory on Cerro Pachón — a mountain in Chile, is expected to go online. The observatory boasts that in the time it takes a person to open up their phone and pose for a selfie, their new telescope will be able to snap an image of 100,000 galaxies, many of which have never been seen by scientists. The telescope will have the largest digital camera ever built, the LSST. Siraj says he expects it will take "the deepest, all-sky survey that humanity has ever conducted." So, what might the Rubin Observatory find past Neptune? Based on the current literature, Siraj sees a few possibilities. One is that the Rubin Observatory, with its increased capabilities, might be able to see a planet beyond Neptune... "Next year is going to be an enormous year for solar system science," he says.
NASA points out that the Hawaii-based Keck and Subaru telescopes are also searching for Planet X, while "a NASA-funded citizen science project called Backyard Worlds: Planet 9, encourages the public to help search using images captured by NASA's Wide-field Infrared Survey Explorer (WISE) mission.

And starting next year the Rubin observatory will also "search for more Kuiper Belt objects. If the orbits of these objects are systematically aligned with each other, it may give more evidence for the existence of Planet X (Planet Nine), or at least help astronomers know where to search for it.

"Another possibility is that Planet X (Planet Nine) does not exist at all. Some researchers suggest the unusual orbit of those Kuiper Belt objects can be explained by their random distribution."

Thanks to long-time Slashdot reader Tablizer for sharing the news.

An anonymous reader shared this report from Digital Trends: A number of popular generative AI platforms are seeing consistent growth as users are figuring out how they want to use the tools - and ChatGPT is at the top of the list with the most visits, at 3.7 billion worldwide. So many people are visiting the AI chatbot, its figures are rivaling browser market share. It can only be compared to Google Chrome figures in terms of monthly users, which is estimated to be around 3.45 billion.

Statistics from [web analytics company] Similarweb indicate that ChatGPT saw a 17.2% month-over-month (MoM) growth and a 115.9% year-over-year (YoY) traffic growth... Google's Chrome browser has a solid market share of 35.4 billion users in 2024. It has seen minimal growth YoY but has grown 45.35% in the last 5 years, according to Statscounter.
The article notes ChatGPT saw a jump in traffic when it changed its dowmain from chat.openai.com to just chatgpt.com -- and that OpenAI recently purchased the domain Chat.com (though "there is no word on what the company plans to do...") Meanwhile, other AI tools continue to see traffic and growth, despite not being at the same level as ChatGPT. Despite recent plagiarism claims, the Perplexity chatbot has seen 90.8 million visits in October, a 25.5% MoM growth and 199.2% YoY growth. Google's Gemini Chatbot saw 291.6 million visits in October, a 6.2% MoM growth and 19% YoY growth after the company introduced a new ChromeOS update that brought new AI features to its Chromebooks. Anthropic's Claude chatbot has seen 84.1 million visits in October, a 25.5% MoM growth and 394.9% YoY growth, after recently rolling out a desktop application for Windows and macOS. Microsoft's web-based Copilot website saw 69.4 million visits in October, an 87.6% MoM growth.

From an opinion piece on GamesIndustry.biz about the recently launched PS5 Pro that went on sale this week: What I'd argue is actually more interesting about PS5 Pro in a wider perspective isn't what Sony has done to the chips in the system -- it's what they've chosen not to include, and what it tells us about the decision-making process that's likely occurring for the company's future hardware. PS5 Pro doesn't have a disc drive. Anyone who wants to play disc-based games on the system will need to buy one of the add-on drives Sony started selling when the PS5 Slim model was released, adding further to the cost of the already very expensive device.

To add insult to injury, Sony doesn't seem to have made any effort whatsoever to ensure that those drives are actually well-stocked for the launch of the Pro. I can only speak directly to the situation in Japan, where they've been out of stock at most major retailers for months and even second-hand units are being sold at three to four times SRP by scalpers. But asking around suggests that the situation isn't much better in other regions. That's a very rough welcome to PS5 Pro ownership for anyone upgrading who has a collection of games on disc.

It's possible, of course, that Sony excluded the drive simply because its cost would push the Pro's price tag even higher. However, the incongruity of Sony's "Pro" console lacking the basic ability to play the games Sony sells at retailers all around the world is striking, and it's difficult to see the decision to accept that incongruity -- and the inconvenience it would inevitably cause for customers -- as anything other than strategic.

Digital sales make up a bigger and bigger portion of the industry's revenues every year, but physical game sales are still a very big deal -- and physical games are products that fall outside the control of publishers and platform holders in a way that they have found increasingly irritating in recent years. People who buy physical games can sell them second-hand or lend them to their friends, retailers with physical games in stock can discount them or include them in bundles as they see fit.

IBM is facing a new lawsuit alleging that its Weather Channel website shared users' personal data with third-party ad partners without consent, violating the Video Privacy Protection Act (VPPA). The Register reports: In the absence of a comprehensive federal privacy law, the complaint [PDF] claims Big Blue violated America's Video Privacy Protection Act (VPPA), enacted in 1988 in response to the disclosure of Supreme Court nominee Robert Bork's videotape rental records. IBM was sued in 2019 (PDF) by then Los Angeles City Attorney Mike Feuer over similar allegations: That its Weather Channel mobile app collected and shared location data without disclosure. The IT titan settled that claim in 2020. A separate civil action against IBM's Weather Channel was filed in 2020 and settled in 2023 (PDF).

This latest legal salvo against alleged Weather Channel-enabled data collection takes issue with the sensitive information made available through the company's website to third-party ad partners mParticle and AppNexus/Xandr (acquired by Microsoft in 2022). The former provides customer analytics, and the latter is an advertising and marketing platform. The complaint, filed on behalf of California plaintiff Ed Penning, contends that by watching videos on the Weather Channel website, those two marketing firms received Penning's full name, gender, email address, precise geolocation, the name, and the URLs of videos he watched, without his permission or knowledge.

It explains that the plaintiff's counsel retained a private research firm last year to analyze browser network traffic during video sessions on the Weather Channel website. The research firm is said to have confirmed that the website provided the third-party ad firms with information that could be used to identify people and the videos that they watched. The VPPA prohibits video providers from sharing "personally identifiable information" about clients without their consent. [...] The lawsuit aspires to be certified as a class action. Under the VPPA, a successful claim allows for actual damages (if any) and statutory damages of $2,500 for each violation of the law, as well as attorney's fees.

Over 60 classic Sega games are being delisted from digital stores, including Crazy Taxi, Golden Axe and Jet Set Radio. From a report: Starting on 6th December at 11:59pm PST (so, 7.59am on 7th December, for those of us in the UK), the affected games will no longer be available to purchase. Of course, if you already have a game in your library, it will remain available to download and play as and when.

In a FAQ, Sega noted select individual classic titles will remain playable for those among us who have a Nintendo Switch Online subscription. No explanation was given for why these changes are being made.

A six-month German pilot of a four-day workweek across 45 companies demonstrated that most employees experienced reduced stress and maintained productivity, with some companies adopting optimized processes and digital tools to enhance efficiency. The report says 70% of the firms plan to continue the model. DW News reports: Earlier this year, some 45 German firms launched a 4-day workweek project to find out if such a fundamental change to how we work can achieve positive results for employers and employees. For six months, and closely watched by researchers from Munster University in Germany, the volunteer companies allowed their employees to work fewer hours without reducing their salaries. The pilot run was initiated by Berlin-based management consultancy, Intraprenor, in collaboration with the nonprofit organization 4 Day Week Global (4DWG). [...]

Julia Backmann, the scientific lead of the pilot study, says employees generally felt better with fewer hours and remained just as productive as they were with a five-day week, and, in some cases, were even more productive. Participants reported significant improvements in mental and physical health, she told DW, and showed less stress and burnout symptoms, as confirmed by data from smartwatches tracking daily stress minutes. According to Backmann's findings, two out of three employees reported fewer distractions because processes were optimized. Over half of the companies redesigned their meetings to make them less frequent and shorter, while one in four companies adopted new digital tools to boost efficiency. "The potential of shorter working hours seems to be stifled by complex processes, too many meetings, and low digitalization," said Carsten Meier from Intraprenor.

The study has also shown that participants were more physically active during the 4-day workweek, and they slept an average of 38 minutes more per week than those in the five-day control group. However, monthly sick days only dropped slightly, a statistically insignificant difference compared to the same period a year ago. Marika Platz from Munster University, who analyzed the data, said she was surprised at the number of sick days because similar studies in other countries showed a significant reduction. Another surprise, she told DW, was the lack of environmental benefits from reduced working hours during the German test as other countries reported a positive impact from offices that could be shut down completely for one day, and fewer commutes to work that resulted in higher energy savings. The reason for this was probably that some German employees took advantage of the long weekends to travel, she said, which reduced any potential energy savings. Study director Backmann stressed that the study was not about advocating for a blanket rollout of the 4-day workweek across all sectors, but rather exploring "an innovative work-time model and its effects."

Carsten Meier from the Intraprenor consultancy added that the positive results of the trial cannot be "automatically translated" into similar gains for every company in Germany.

Leading fintech and digital asset firms, including Robinhood, Kraken and Galaxy Digital, have introduced a joint stablecoin pegged to the U.S. dollar. Called the Global Dollar Network, it seeks to enhance the stablecoin market by lowering transaction costs, boosting consumer protections, and facilitating cross-border transactions with rewards for institutional participants. Crypto Briefing reports: The network will utilize Paxos's new stablecoin, the Global Dollar (USDG), which complies with the Monetary Authority of Singapore's upcoming stablecoin framework. USDG is designed to return yield on reserve assets to participants who contribute to its adoption, encouraging the development of crypto and financial solutions using the token. The Global Dollar Network aims to address shortcomings in the stablecoin market, such as high transaction costs and limited consumer protections.

The network has opened an invite-only phase for select custodians, exchanges, payment processors, merchants, and banks to develop new solutions using USDG. Initial distribution is available on Anchorage Digital, Galaxy Digital, Kraken, and Paxos platforms, with plans to expand access through additional partners in the coming months.

GitHub released its annual "State of the Octoverse" report this week. And while "Systems programming languages, like Rust, are also on the rise... Python, JavaScript, TypeScript, and Java remain the most widely used languages on GitHub."

In fact, "In 2024, Python overtook JavaScript as the most popular language on GitHub." They also report usage of Jupyter Notebooks "skyrocketed" with a 92% jump in usage, which along with Python's rise seems to underscore "the surge in data science and machine learning on GitHub..." We're also seeing increased interest in AI agents and smaller models that require less computational power, reflecting a shift across the industry as more people focus on new use cases for AI... While the United States leads in contributions to generative AI projects on GitHub, we see more absolute activity outside the United States. In 2024, there was a 59% surge in the number of contributions to generative AI projects on GitHub and a 98% increase in the number of projects overall — and many of those contributions came from places like India, Germany, Japan, and Singapore...

Notable growth is occurring in India, which is expected to have the world's largest developer population on GitHub by 2028, as well as across Africa and Latin America... [W]e have seen greater growth outside the United States every year since 2013 — and that trend has sped up over the past few years.
Last year they'd projected India would have the most developers on GitHub #1 by 2027, but now believe it will happen a year later. This year's top 10?

1. United States
2. India
3. China
4. Brazil
5. United Kingdom
6. Russia
7. Germany
8. Indonesia
9. Japan
10. Canada

Interestingly, the UK's population ranks #21 among countries of the world, while Germany ranks #19, and Canada ranks #36.)

GitHub's announcement argues the rise of non-English, high-population regions "is notable given that it is happening at the same time as the proliferation of generative AI tools, which are increasingly enabling developers to engage with code in their natural language." And they offer one more data point: GitHub's For Good First Issue is a curated list of Digital Public Goods that need contributors, connecting those projects with people who want to address a societal challenge and promote sustainable development...

Significantly, 34% of contributors to the top 10 For Good Issue projects... made their first contribution after signing up for GitHub Copilot.
There's now 518 million projects on GitHub — with a year-over-year growth of 25%...

Slashdot reader samleecole shared this report from 404 Media: Northwell Health, New York State's largest healthcare provider, recently launched a large language model tool that it is encouraging doctors and clinicians to use for translation, sensitive patient data, and has suggested it can be used for diagnostic purposes, 404 Media has learned. Northwell Health has more than 85,000 employees.

An internal presentation and employee chats obtained by 404 Media shows how healthcare professionals are using LLMs and chatbots to edit writing, make hiring decisions, do administrative tasks, and handle patient data. In the presentation given in August, Rebecca Kaul, senior vice president and chief of digital innovation and transformation at Northwell, along with a senior engineer, discussed the launch of the tool, called AI Hub, and gave a demonstration of how clinicians and researchers—or anyone with a Northwell email address—can use it... AI Hub can be used for "clinical or clinical adjacent" tasks, as well as answering questions about hospital policies and billing, writing job descriptions and editing writing, and summarizing electronic medical record excerpts and inputting patients' personally identifying and protected health information.

The demonstration also showed potential capabilities that included "detect pancreas cancer," and "parse HL7," a health data standard used to share electronic health records.

The leaked presentation shows that hospitals are increasingly using AI and LLMs to streamlining administrative tasks, and shows that some are experimenting with or at least considering how LLMs would be used in clinical settings or in interactions with patients.

Long-time Slashdot reader samj — also a long-time Debian developer — tells us there's some opposition to the newly-released Open Source AI definition. He calls it a "fork" that undermines the original Open Source definition (which was originally derived from Debian's Free Software Guidelines, written primarily by Bruce Perens), and points us to a new domain with a petition declaring that instead Open Source shall be defined "solely by the Open Source Definition version 1.9. Any amendments or new definitions shall only be recognized with clear community consensus via an open and transparent process."

This move follows some discussion on the Debian mailing list: Allowing "Open Source AI" to hide their training data is nothing but setting up a "data barrier" protecting the monopoly, disabling anybody other than the first party to reproduce or replicate an AI. Once passed, OSI is making a historical mistake towards the FOSS ecosystem.
They're not the only ones worried about data. This week TechCrunch noted an August study which "found that many 'open source' models are basically open source in name only. The data required to train the models is kept secret, the compute power needed to run them is beyond the reach of many developers, and the techniques to fine-tune them are intimidatingly complex. Instead of democratizing AI, these 'open source' projects tend to entrench and expand centralized power, the study's authors concluded."

samj shares the concern about training data, arguing that training data is the source code and that this new definition has real-world consequences. (On a personal note, he says it "poses an existential threat to our pAI-OS project at the non-profit Kwaai Open Source Lab I volunteer at, so we've been very active in pushing back past few weeks.")

And he also came up with a detailed response by asking ChatGPT. What would be the implications of a Debian disavowing the OSI's Open Source AI definition? ChatGPT composed a 7-point, 14-paragraph response, concluding that this level of opposition would "create challenges for AI developers regarding licensing. It might also lead to a fragmentation of the open-source community into factions with differing views on how AI should be governed under open-source rules." But "Ultimately, it could spur the creation of alternative definitions or movements aimed at maintaining stricter adherence to the traditional tenets of software freedom in the AI age."

However the official FAQ for the new Open Source AI definition argues that training data "does not equate to a software source code." Training data is important to study modern machine learning systems. But it is not what AI researchers and practitioners necessarily use as part of the preferred form for making modifications to a trained model.... [F]orks could include removing non-public or non-open data from the training dataset, in order to train a new Open Source AI system on fully public or open data...

[W]e want Open Source AI to exist also in fields where data cannot be legally shared, for example medical AI. Laws that permit training on data often limit the resharing of that same data to protect copyright or other interests. Privacy rules also give a person the rightful ability to control their most sensitive information — like decisions about their health. Similarly, much of the world's Indigenous knowledge is protected through mechanisms that are not compatible with later-developed frameworks for rights exclusivity and sharing.
Read on for the rest of their response...

The free face-image search engine PimEyes "scans through billions of images from the internet and finds matches of your photo that could have appeared in a church bulletin or a wedding photographer's website," -us/news/technology/they-made-a-public-rolodex-of-our-faces-here-s-how-i-tried-to-get-out/ar-AA1tlpPuwrites a Washington Post columnist.

So to find and delete themselves from "the PimEyes searchable Rolodex of faces," they "recently handed over a selfie and a digital copy of my driver's license to a company I don't trust." PimEyes says it empowers people to find their online images and try to get unwanted ones taken down. But PimEyes face searches are largely open to anyone with either good or malicious intent. People have used PimEyes to identify participants in the Jan. 6, 2021, attack on the Capitol, and creeps have used it to publicize strangers' personal information from just their image.

The company offers an opt-out form to remove your face from PimEyes searches. I did it and resented spending time and providing even more personal information to remove myself from the PimEyes repository, which we didn't consent to be part of in the first place. The increasing ease of potentially identifying your name, work history, children's school, home address and other sensitive information from one photo shows the absurdity of America's largely unrestrained data-harvesting economy.
While PimEyes' CEO said they don't keep the information you provide to opt-out, "you give PimEyes at least one photo of yourself plus a digital copy of a passport or ID with personal details obscured..." according to the article. (PimEyes' confirmation email "said I might need to repeat the opt-out with more photos...") Some digital privacy experts said it's worth opting out of PimEyes, even if it's imperfect, and that PimEyes probably legitimately needs a personal photo and proof of identity for the process. Others found it "absurd" to provide more information to PimEyes... or they weren't sure opting out was the best choice... Experts said the fundamental problem is how much information is harvested and accessible without your knowledge or consent from your phone, home speakers, your car and information-organizing middlemen like PimEyes and data brokers.

Nathan Freed Wessler, an American Civil Liberties Union attorney focused on privacy litigation, said laws need to change the assumption that companies can collect almost anything about you or your face unless you go through endless opt-outs. "These systems are scary and abusive," he said. "If they're going to exist, they should be based on an opt-in system."