From a blog post by Greg Kroah-Hartman: As was recently announced, the Linux kernel project has been accepted as a CVE Numbering Authority (CNA) for vulnerabilities found in Linux.

This is a trend, of more open source projects taking over the haphazard assignments of CVEs against their project by becoming a CNA so that no other group can assign CVEs without their involvment. Here's the curl project doing much the same thing for the same reasons. I'd like to point out the great work that the Python project has done in supporting this effort, and the OpenSSF project also encouraging it and providing documentation and help for open source projects to accomplish this. I'd also like to thank the cve.org group and board as they all made the application process very smooth for us and provided loads of help in making this all possible.

As many of you all know, I have talked a lot about CVEs in the past, and yes, I think the system overall is broken in many ways, but this change is a way for us to take more responsibility for this, and hopefully make the process better over time. It's also work that it looks like all open source projects might be mandated to do with the recent rules and laws being enacted in different parts of the world, so having this in place with the kernel will allow us to notify all sorts of different CNA-like organizations if needed in the future.
Kroah-Hartman links to his post on the kernel mailing list for "more details about how this is all going to work for the kernel." [D]ue to the layer at which the Linux kernel is in a system, almost any bug might be exploitable to compromise the security of the kernel, but the possibility of exploitation is often not evident when the bug is fixed. Because of this, the CVE assignment team are overly cautious and assign CVE numbers to any bugfix that they identify. This explains the seemingly large number of CVEs that are issued by the Linux kernel team...

No CVEs will be assigned for unfixed security issues in the Linux kernel, assignment will only happen after a fix is available as it can be properly tracked that way by the git commit id of the original fix. No CVEs will be assigned for any issue found in a version of the kernel that is not currently being actively supported by the Stable/LTS kernel team.
alanw (Slashdot reader #1,822) worries this could overwhelm the CVE infrastructure, pointing to an ongoing discussion at LWN.net.

But reached for a comment, Greg Kroah-Hartman thinks there's been a misunderstanding. He told Slashdot that the CVE group "explicitly asked for this as part of our application... so if they are comfortable with it, why is no one else?"

A paper (PDF) from researchers at the University of Cambridge, supported by voices from numerous academic institutions including OpenAI, proposes remote kill switches and lockouts as methods to mitigate risks associated with advanced AI technologies. It also recommends tracking AI chip sales globally. The Register reports: The paper highlights numerous ways policymakers might approach AI hardware regulation. Many of the suggestions -- including those designed to improve visibility and limit the sale of AI accelerators -- are already playing out at a national level. Last year US president Joe Biden put forward an executive order aimed at identifying companies developing large dual-use AI models as well as the infrastructure vendors capable of training them. If you're not familiar, "dual-use" refers to technologies that can serve double duty in civilian and military applications. More recently, the US Commerce Department proposed regulation that would require American cloud providers to implement more stringent "know-your-customer" policies to prevent persons or countries of concern from getting around export restrictions. This kind of visibility is valuable, researchers note, as it could help to avoid another arms race, like the one triggered by the missile gap controversy, where erroneous reports led to massive build up of ballistic missiles. While valuable, they warn that executing on these reporting requirements risks invading customer privacy and even lead to sensitive data being leaked.

Meanwhile, on the trade front, the Commerce Department has continued to step up restrictions, limiting the performance of accelerators sold to China. But, as we've previously reported, while these efforts have made it harder for countries like China to get their hands on American chips, they are far from perfect. To address these limitations, the researchers have proposed implementing a global registry for AI chip sales that would track them over the course of their lifecycle, even after they've left their country of origin. Such a registry, they suggest, could incorporate a unique identifier into each chip, which could help to combat smuggling of components.

At the more extreme end of the spectrum, researchers have suggested that kill switches could be baked into the silicon to prevent their use in malicious applications. [...] The academics are clearer elsewhere in their study, proposing that processor functionality could be switched off or dialed down by regulators remotely using digital licensing: "Specialized co-processors that sit on the chip could hold a cryptographically signed digital "certificate," and updates to the use-case policy could be delivered remotely via firmware updates. The authorization for the on-chip license could be periodically renewed by the regulator, while the chip producer could administer it. An expired or illegitimate license would cause the chip to not work, or reduce its performance." In theory, this could allow watchdogs to respond faster to abuses of sensitive technologies by cutting off access to chips remotely, but the authors warn that doing so isn't without risk. The implication being, if implemented incorrectly, that such a kill switch could become a target for cybercriminals to exploit.

Another proposal would require multiple parties to sign off on potentially risky AI training tasks before they can be deployed at scale. "Nuclear weapons use similar mechanisms called permissive action links," they wrote. For nuclear weapons, these security locks are designed to prevent one person from going rogue and launching a first strike. For AI however, the idea is that if an individual or company wanted to train a model over a certain threshold in the cloud, they'd first need to get authorization to do so. Though a potent tool, the researchers observe that this could backfire by preventing the development of desirable AI. The argument seems to be that while the use of nuclear weapons has a pretty clear-cut outcome, AI isn't always so black and white. But if this feels a little too dystopian for your tastes, the paper dedicates an entire section to reallocating AI resources for the betterment of society as a whole. The idea being that policymakers could come together to make AI compute more accessible to groups unlikely to use it for evil, a concept described as "allocation."

An anonymous reader quotes a report from TechCrunch: AI-generated imagery and other forms of deepfakes depicting child sexual abuse (CSA) could be criminalized in the European Union under plans to update existing legislation to keep pace with technology developments, the Commission announced today. It's also proposing to create a new criminal offense of livestreaming child sexual abuse. The possession and exchange of "pedophile manuals" would also be criminalized under the plan -- which is part of a wider package of measures the EU says is intended to boost prevention of CSA, including by increasing awareness of online risks and to make it easier for victims to report crimes and obtain support (including granting them a right to financial compensation). The proposal to update the EU's current rules in this area, which date back to 2011, also includes changes around mandatory reporting of offenses.

Back in May 2022, the Commission presented a separate piece of CSA-related draft legislation, aiming to establish a framework that could make it obligatory for digital services to use automated technologies to detect and report existing or new child sexual abuse material (CSAM) circulating on their platforms, and identify and report grooming activity targeting kids. The CSAM-scanning plan has proven to be highly controversial -- and it continues to split lawmakers in the parliament and the Council, as well as kicking up suspicions over the Commission's links with child safety tech lobbyists and raising other awkward questions for the EU's executive, over a legally questionable foray into microtargeted ads to promote the proposal. The Commission's decision to prioritize the targeting of digital messaging platforms to tackle CSA has attracted a lot of criticism that the bloc's lawmakers are focusing in the wrong area for combatting a complex societal problem -- which may have generated some pressure for it to come with follow-on proposals. (Not that the Commission is saying that, of course; it describes today's package as "complementary" to its earlier CSAM-scanning proposal.) "Fast evolving technologies are creating new possibilities for child sexual abuse online, and raises challenges for law enforcement to investigate this extremely serious and wide spread crime," said Ylva Johansson, commissioner for home affairs, in a statement. "A strong criminal law is essential and today we are taking a key step to ensure that we have effective legal tools to rescue children and bring perpetrators to justice. We are delivering on our commitments made in the EU Strategy for a more effective fight against Child sexual abuse presented in July 2020."

The final shape of the proposals will be determined by the EU's co-legislators in the Parliament and Council. "If/when there's agreement on how to amend the current directive on combating CSA, it would enter into force 20 days after its publication in the Official Journal of the EU," adds TechCrunch.

Microsoft's Visual Studio Code editor now includes a voice command that launches GitHub Copilot Chat just by saying "Hey Code."

But one Linux blog notes that the editor has suddenly stopped supporting Ubuntu 18.04 LTS — "a move causing issues for scores of developers." VS Code 1.86 (aka the 'January 2024' update) saw Microsoft bump the minimum build requirements for the text editor's popular remote dev tools to â¥glibc 2.28 — but Ubuntu 18.04 LTS uses glibc 2.27, ergo they no longer work.

While Ubuntu 18.04 is supported by Canonical until 2028 (through ESM) a major glibc upgrade is unlikely. Thus, this "breaking change" is truly breaking workflows...

It seems affected developers were caught off-guard as this (rather impactful) change was not signposted before, during, or after the VS Code update (which is installed automatically for most, and the update was pushed out to Ubuntu 18.04 machines). Indeed, most only discovered this issue after update was installed, they tried to connect to a remote server, and discovered it failed. The resulting error message does mention deprecation and links to an FAQ on the VS Code website with workarounds (i.e. downgrade).

But as one developer politely put it.... "It could have checked the libc versions and refused the update. Now, many people are screwed in the middle of their work."
The article points out an upgrade to Ubuntu 20.04 LTS will address the problem. On GitHub a Microsoft engineer posted additional options from VS Code's documentation: If you are unable to upgrade your Linux distribution, the recommended alternative is to use our web client. If you would like to use the desktop version, then you can download the VS Code release 1.85. Depending on your platform, make sure to disable updates to stay on that version.
Microsoft then locked the thread on GitHub as "too heated" and limited conversation to just collaborators.

In a related thread someone suggested installing VS Code's Flatpak, which was still on version 1.85 — and then disabling updates. But soon Microsoft had locked that thread as well as "too heated," again limiting conversation to collaborators.

The Verge reports that Threads is "booming," according to figures shared by Mark Zuckerberg on Meta's earnings call, with 130 million active users a month.

TechCrunch reports: Threads is continuing to grow, having tripled its downloads month-over-month in December, which gave it a place in the top 10 most downloaded apps for the month across both the App Store and Google Play...

Threads famously had a record-breaking launch, reaching 100 million registered users within its first five days. However, the app saw its daily downloads decline starting last September through the end of the year. But in December, Threads once again returned to growth, likely due to the push Meta had given the app by displaying promos on Facebook that featured Threads' viral posts. Today, there are an estimated 160 million Threads users, according to one tracker...

The app could also be benefiting from its move into the "fediverse" — the social network comprised of interconnected servers that communicate via the ActivityPub protocol, like Mastodon... In addition, Threads recently announced the launch of an endpoint, allowing developers of third-party apps and websites to use a dynamic URL to refill text into the Threads composer. For example, there's now a website where anyone can generate Threads share links and profile badges. Marketing tool provider Shareaholic also just launched Threads Share buttons for websites, including both desktop and mobile sites. This flurry of activity around Threads is helping to move the app up in the chart rankings, though some inorganic boosts from Meta itself are likely also responsible for the jump in downloads, given the size.

Google has removed links to page caches from its search results page, the company's search liaison Danny Sullivan has confirmed. From a report: "It was meant for helping people access pages when way back, you often couldn't depend on a page loading," Sullivan wrote on X. "These days, things have greatly improved. So, it was decided to retire it."

The cache feature historically let you view a webpage as Google sees it, which is useful for a variety of different reasons beyond just being able to see a page that's struggling to load. SEO professionals could use it to debug their sites or even keep tabs on competitors, and it can also be an enormously helpful news gathering tool, giving reporters the ability to see exactly what information a company has added (or removed) from a website, and a way to see details that people or companies might be trying to scrub from the web. Or, if a site is blocked in your region, Google's cache can work as a great alternative to a VPN.

SpaceX revealed that it's delivering over 42 petabytes of data for customers per day, according to engineer Travis Brashears. "We're passing over terabits per second [of data] every day across 9,000 lasers," Brashears said today at SPIE Photonics West, an event in San Francisco focused on the latest advancements in optics and light. "We actually serve over lasers all of our users on Starlink at a given time in like a two-hour window." PCMag reports: Although Starlink uses radio waves to beam high-speed internet to customers, SpaceX has also been outfitting the company's satellites with a "laser link" system to help drive down latency and improve the system's global coverage. The lasers, which can sustain a 100Gbps connection per link, are especially crucial to helping the satellites fetch data when no SpaceX ground station is near, like over the ocean or Antarctic. Instead, the satellite can transmit the data to and from another Starlink satellite in Earth's orbit, forming a mesh network in space.

Tuesday's talk from Brashears revealed the laser system is quite robust, even as the equipment is flying onboard thousands of Starlink satellites constantly circling the Earth. Despite the technical challenges, the company has achieved a laser "link uptime" at over 99%. The satellites are constantly forming laser links, resulting in about 266,141 "laser acquisitions" per day, according to Brashears' presentation. But in some cases, the links can also be maintained for weeks at a time, and even reach transmission rates at up to 200Gbps.

Brashears also said Starlink's laser system was able to connect two satellites over 5,400 kilometers (3,355 miles) apart. The link was so long "it cut down through the atmosphere, all the way down to 30 kilometers above the surface of the Earth," he said, before the connection broke. "Another really fun fact is that we held a link all the way down to 122 kilometers while we were de-orbiting a satellite," he said. "And we were able to downstream the video." During his presentation, Brashears also showed a slide depicting how the laser system can deliver data to a Starlink dish in Antarctica through about seven different paths. "We can dynamically change those routes within milliseconds. So as long as we have some path to the ground [station], you're going to have 99.99% uptime. That's why it's important to get as many nodes up there as possible," he added.

David Pierce reports via The Verge: A few minutes ago, I opened the new Arc Search app and typed, "What happened in the Chiefs game?" That game, the AFC Championship, had just wrapped up. Normally, I'd Google it, click on a few links, and read about the game that way. But in Arc Search, I typed the query and tapped the "Browse for me" button instead. Arc Search, the new iOS app from The Browser Company, which has been working on a browser called Arc for the last few years, went to work. It scoured the web -- reading six pages, it told me, from Twitter to The Guardian to USA Today -- and returned a bunch of information a few seconds later. I got the headline: Chiefs win. I got the final score, the key play, a "notable event" that also just said the Chiefs won, a note about Travis Kelce and Taylor Swift, a bunch of related links, and some more bullet points about the game.

Basically, instead of returning a bunch of search queries about the Chiefs game, Arc Search built me a webpage about it. And somewhere in there is The Browser Company's big idea about the future of web browsers -- that a browser, a search engine, an AI chatbot, and a website aren't different things. They're all just parts of an internet information finder, and they might as well exist inside the same app. [...] But from a pure product perspective, this feels closer to the way AI search should work than anything I've tried. Products like Copilot and Perplexity AI are cool, but they're fundamentally just chatbots with web access. Arc Search imagines something else entirely: AI that explores websites by building you a new one every time you ask.

The 2023 Hugo Awards for science fiction hosted in China sparked controversy by excluding several authors without explanation, raising censorship concerns. Works removed included RF Kuang's bestseller "Babel," an episode of "The Sandman," and author Xiran Jay Zhao. The prestigious Hugo Awards are voted on by science fiction fans and marked the first time the annual World Science Fiction Convention (Worldcon) was held in China. With no reasons given for the exclusions, revealed only when nomination statistics were posted, questions emerged whether there had been interference or censorship in the process from Chinese authorities. The removed works included Kuang's speculative fiction novel "Babel," which recently won fiction book of the year in the British book awards.

Bruce66423 shares a report: Recently released documents showed that several works or authors -- some with links to China -- had been excluded from the ballot despite receiving enough nominations to be included on their respective shortlists. The excluded nominees include Kuang and Zhao, authors who were born in China but are now based in the west. Concerns have been raised that the authors were targeted for political reasons, connected to the fact that the ruling Chinese Communist party exerts a tight control on all cultural events that take place inside its borders.

[...] Episode six of The Sandman, which is based on a comic book written by Neil Gaiman, was excluded from the best dramatic presentation category, despite receiving enough nominations to be on the final ballot. Gaiman has publicly criticised the Chinese authorities for imprisoning writers. [...] Writing on Facebook, Gaiman said: "Until now, one of the things that's always been refreshing about the Hugos has been the transparency and clarity of the process ... This is obfuscatory, and without some clarity it means that whatever has gone wrong here is unfixable, or may be unfixable in ways that don't damage the respect the Hugos have earned over the last 70 years."

Apple has updated its long-standing App Store guidelines, giving developers the option to let users make in-app purchases for iOS apps outside of its App Store. But the changes still haven't won over one of the company's longtime critics. From a report: Under the new rules, app developers can provide customers with links to third-party purchase options for their apps, but they must still pay Apple fees of either 12% or 27%. Spotify, one of Apple's biggest critics, isn't a fan of the changes. In a statement, the music streaming service slammed the new rules. "Once again, Apple has demonstrated that they will stop at nothing to protect the profits they exact on the backs of developers and consumers under their app store monopoly," the company said in a statement. "Their latest move in the US -- imposing a 27% fee for transactions made outside of an app on a developer's website -- is outrageous and flies in the face of the court's efforts to enable greater competition and user choice." Tech columnist John Gruber, writing at DaringFireball: Maybe the cynics are right! Let's just concede that they are, and that Apple will only make decisions here that benefit its bottom line. My argument remains that Apple should not be pursuing this plan for complying with the anti-steering injunction by collecting commissions from web sales that initiate in-app. Whatever revenue Apple would lose to non-commissioned web sales (for non-games) is not worth the hit they are taking to the company's brand and reputationâ--âthis move reeks of greed and avariceâ--ânor the increased ire and scrutiny of regulators and legislators on the "anti-Big-Tech" hunt.

Apple should have been looking for ways to lessen regulatory and legislative pressure over the past few years, and in today's climate that's more true than ever. But instead, their stance has seemingly been "Bring it on." Confrontational, not conciliatory, conceding not an inch. Rather than take a sure win with most of what they could want, Apple is seemingly hell-bent on trying to keep everything. To win in chess all you need is to capture your opponent's king. Apple seemingly wants to capture every last piece on the boardâ--âeven while playing in a tournament where the referees (regulators) are known to look askance at blatant poor sportsmanship (greed).

Apple's calculus should be to balance its natural desire to book large amounts of revenue from the App Store with policies that to some degree placate, rather than antagonize, regulators and legislators. No matter what the sport, no matter what the letter of the rulebook says, it's never a good idea to piss off the refs.

An anonymous reader shares a report: Fortnite maker Epic Games is not happy about how Apple intends to comply with a district court's injunction that permitted app developers to direct users to their own websites and payment platforms -- a court order that came into effect following the Supreme Court's decision to not hear the Apple antitrust case, leaving the current ruling to stand. Though Apple had largely won the case, as the court decided it was not a monopolist, a judge ruled that app makers should be able to steer their customers to the web from links or buttons inside their apps, something that forced Apple to change its App Store rules.

But Apple's compliance doesn't give app makers the victory they had hoped, as the tech giant aims to still charge commissions on purchases made outside of apps -- a decision Epic aims to challenge in court. According to statements made by Epic Games CEO Tim Sweeney, shared on X, Apple's "bad-faith" compliance undermines the judge's order that would have allowed buttons or external links "in addition to [in-app purchases.]" The Ninth Circuit District Court had ruled on one count of out ten in favor of Epic in its decision, finding that Apple violated California's Unfair Competition law. The decision meant Apple had to remove the "anti-steering" clause from its agreement with App Store developers. This clause for years had prevented app developers from directing their customers to other ways to pay for in-app purchases or subscriptions from inside their apps, leading to confusing screens or broken features, where customers would have to figure out on their own how to make the necessary purchases from the developer's website.

Apple has announced changes to its U.S. App Store, allowing developers to link to alternative payment methods, "provided that the app also offer purchases through Apple's own In-App Purchase system," reports 9to5Mac. The change comes in light of the Supreme Court declining to hear Apple's appeal in its legal battle with Epic Games. From the report: The guideline says that developers can apply for an entitlement that allows them to include buttons or links directing users to out-of-app purchasing mechanisms: "Developers may apply for an entitlement to provide a link in their app to a website the developer owns or maintains responsibility for in order to purchase such items. Learn more about the entitlement. In accordance with the entitlement agreement, the link may inform users about where and how to purchase those in-app purchase items, and the fact that such items may be available for a comparatively lower price. The entitlement is limited to use only in the iOS or iPadOS App Store on the United States storefront. In all other storefronts, apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase."

According to Apple, the link to an alternative payment platform can only be displayed on "one app page the end user navigates to (not an interstitial, modal, or pop-up), in a single, dedicated location on such page, and may not persist beyond that page." Apple has provided templates that developers can use for communicating with customers about alternative in-app payment systems [...]. Apple has also confirmed that it will charge a commission on purchases made through alternative payment platforms. This commission will be 12% for developers who are a member of the App Store Small Business Program and 27% for other apps. The commission will apply to "purchases made within seven days after a user taps on an External Purchase Link and continues from the system disclosure sheet to an external website." Apple says developers will be required to provide accounting of qualifying out-of-app purchases and remit the appropriate commissions. [...] However, Apple also says that collecting this commission will be "exceedingly difficult and, in many cases, impossible." [...]

The other anti-steering change that Apple is required to make is to allow developers to communicate with customers outside of their apps about alternative purchasing options, such as via email. Apple made this change in 2021 as part of its settlement of a class-action lawsuit brought on by small developers.

The U.S. Supreme Court on Tuesday declined to hear a challenge by Apple to a lower court's decision requiring changes to certain rules in its lucrative App Store, as the justices shunned the lengthy legal battle between the iPhone maker and Epic Games, maker of the popular video game "Fortnite." Reuters: The justices also turned away Epic's appeal of the lower court's ruling that Apple's App Store policies limiting how software is distributed and paid for do not violate federal antitrust laws. The justices gave no reasons for their decision to deny the appeals. In a series of posts on X, Epic CEO Tim Sweeney wrote: The Supreme Court denied both sides' appeals of the Epic v. Apple antitrust case. The court battle to open iOS to competing stores and payments is lost in the United States. A sad outcome for all developers. Now the District Court's injunction against Apple's anti-steering rule is in effect, and developers can include in their apps "buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to IAP."

As of today, developers can begin exercising their court-established right to tell US customers about better prices on the web. These awful Apple-mandated confusion screens are over and done forever. The fight goes on. Regulators are taking action and policymakers around the world are passing new laws to end Apple's illegal and anticompetitive app store practices. The European Union's Digital Markets Act goes into effect March 7.

Sara Fischer reports via Axios: ChatGPT maker OpenAI says it's rolling out new policies and tools meant to combat misinformation and abuse ahead of 2024 elections worldwide. 2024 is one of the biggest election years in history -- with high-stakes races in over 50 countries globally. It's also the first major election cycle where generative AI tools will be widely available to voters, governments and political campaigns. In a statement published Monday, OpenAI said it will lean into verified news and image authenticity programs to ensure users get access to high-quality information throughout elections.

The company will add digital credentials set by a third-party coalition of AI firms that encode details about the origin of images created using its image generator tool, DALL-E 3. The firm says it's experimenting with a new "provenance classifier" tool that can detect AI-generated images that have been made using DALL-E. It hopes to make that tool available to its first group of testers, including journalists, researchers and other tech platforms, for feedback. OpenAI will continue integrating its ChatGPT platform with real-time news reporting globally, "including attribution and links," it said. That effort builds on a first-of-its-kind deal announced with German media giant Axel Springer last year that offers ChatGPT users summaries of select global news content from the company's outlets. In the U.S., OpenAI says it's working with the nonpartisan National Association of Secretaries of State to direct ChatGPT users to CanIVote.org for authoritative information on U.S. voting and elections.

Because generative AI technology is so new, OpenAI says it's still working to understand how effective its tools might be for political persuasion. To hedge against abuse, the firm doesn't allow people to build applications for political campaigning and lobbying, and it doesn't allow engineers to create chatbots that pretend to be real people, such as candidates. Like most tech firms, it doesn't allow users to build applications for its ChatGPT platform that deter people from participating in the democratic process.

Long-time Slashdot readers necro81 writes: The popular vision of Neptune is azure blue. This comes mostly from the publicly released images from Voyager 2's flyby in 1989 — humanity's only visit to this icy giant at the edge of the solar system. But it turns out that view is a bit distorted — the result of color-enhancing choices made by NASA at the time. A new report from Oxford depicts Neptune's blue color as more muted, with a touch of green, not much different than Uranus. The truer-to-life view comes from re-analyzing the Voyager data, combined with ground-based observations going back decades. (Add'l links here, here, and here.)

This is nothing new: most publicity images released by space agencies — of planets, nebulae, or the surface of Mars — have undergone some color-enhancement for visual effect. (They'll also release "true-color" images, which try to best mimic what the human eye would see.) Many images — such as those from the infrared-seeing JWST — need wholesale coloration of their otherwise invisible wavelengths. The new report is a good reminder, though, to remember that scientific cameras are pretty much always black and white; color images come from combining filters in various ways.
Also thanks to long-time Slashdot reader Geoffrey.landis for sharing the story.

Perplexity, a startup going after Google's dominant position in web search, has won backing from Jeff Bezos and venture capitalists betting that artificial intelligence will upend the way people find information online. From a report: Started less than two years ago, Perplexity has fewer than 40 employees and is based out of a San Francisco co-working space. The company's product, which it calls an answer engine, is used by about 10 million people monthly. Those ingredients were enough to persuade Institutional Venture Partners, Bezos and other tech executives to invest $74 million in the company, the largest sum raised by an internet search startup in recent years. The investment valued Perplexity at $520 million, including the new money, said Chief Executive Officer Aravind Srinivas.

Amazon.com, the e-commerce company chaired by Bezos, has committed to investing billions in Anthropic, the AI startup behind the chatbot Claude. The path to competing with Google is littered with carcasses, and Microsoft itself has struggled for years to dislodge the company's roughly 90% market share in online search. Others, including tech giants, are incorporating AI into their search engines. Perplexity's founders said their advantage is using advances in AI to provide direct answers, instead of website links, in response to search queries, without some of the limitations felt by larger companies.

An anonymous reader quotes a report from Gizmodo: Facebook recently rolled out a new "Link History" setting that creates a special repository of all the links you click on in the Facebook mobile app. Users can opt-out, but Link History is turned on by default, and the data is used for targeted ads. The company pitches Link History as a useful tool for consumers "with your browsing activity saved in one place," rather than another way to keep tabs on your behavior. With the new setting you'll "never lose a link again," Facebook says in a pop-up encouraging users to consent to the new tracking method. The company goes on to mention that "When you allow link history, we may use your information to improve your ads across Meta technologies."

Facebook promises to delete the Link History it's created for you within 90 days if you turn the setting off. According to a Facebook help page, Link History isn't available everywhere. The company says it's rolling out globally "over time." This is a privacy improvement in some ways, but the setting raises more questions than it answers. Meta has always kept track of the links you click on, and this is the first time users have had any visibility or control over this corner of the company's internet spying apparatus. In other words, Meta is just asking users for permission for a category of tracking that it's been using for over a decade. Beyond that, there are a number of ways this setting might give users an illusion of privacy that Meta isn't offering. "The Link History doesn't mention anything about the invasive ways Facebook monitors what you're doing once you visit a webpage," notes Gizmodo's Thomas Germain. "It seems the setting only affects Meta's record of the fact that you clicked a link in the first place. Furthermore, Meta links everything you do on Facebook, Instagram, WhatsApp, and its other products. Unlike several of Facebook's other privacy settings, Link History doesn't say that it affects any of Meta's other apps, leaving you with the data harvesting status quo on other parts of Mark Zuckerberg's empire."

"Link History also creates a confusing new regime that establishes privacy settings that don't apply if you access Facebook outside of the Facebook app. If you log in to Facebook on a computer or a mobile browser instead, Link History doesn't protect you. In fact, you can't see the Link History page at all if you're looking at Facebook on your laptop."

The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. From a report: Links to download the source code were shared on numerous channels, including Discord, a dark web website, and a Telegram channel that the hackers previously used to leak stolen Rockstar data. In a post to a Grand Theft Auto leak channel on Telegram, the channel owner known as 'Phil' posted links to the stolen source code, sharing a screenshot of one of the folders.

An anonymous reader quotes a report from TechCrunch: In recent years, tools such as Figma, TLDraw, Apple's Freeform and Arc browser's Easel functionality have tried to sell the idea of using an "infinite canvas" for capturing and sharing ideas. French startup Kosmik is building on that general concept with a knowledge-capturing tool that doesn't require the user to switch between different windows or apps to capture information. Kosmik was founded in 2018 by Paul Rony and Christophe Van Deputte. Prior to that, Rony worked at a video production company as a junior director, and he wanted a single whiteboard-type canvas instead of file and folders where he could put videos, PDFs, websites, notes and drawings. And that's when he started to build Kosmic, Rony told TechCrunch, drawing on a prior background in computing history and philosophy.

"It took us almost three years to make a working product to include baseline features like data encryption, offline-first mode and build a spatial canvas-based UI," Rony explained. "We have built all of this on IPFS, so when two people collaborate everything is peer-to-peer rather than relying on a server-based architecture." Kosmik offers an infinite canvas interface where you can insert text, images, videos, PDFs and links, which can be opened and previewed in a side panel. It also features a built-in browser, saving users from having to switch windows when they need to find a relevant website link. Additionally, the platform sports a PDF reader, which lets the user extract elements such as images and text.

The tool is useful for designers, architects, consultants, and students to build boards of information for different projects. The tool is useful for them as they don't need to open up a bunch of Chrome tabs and put details into a document, which is not a very visual medium for various media types. Some retail investors are using the app to monitor stock prices and consultants are using them for their project boards. Available via the web, Mac, and Windows, Kosmik ships with a basic free tier, though this has a limit of 50MB of files and 5GB of storage with 500 canvas "elements." For more storage and unlimited elements, the company offers a $5.99 monthly subscription, with plans in place to eventually offer a "pay-once" model for those who only want to use the software on a single device.

"The Ministry of Justice is consulting on digitizing and then throwing away about 100 million paper originals of the last wills and testaments of British people dating back more than 150 years in an effort to save 4.5 million pounds a year," reports Robert Booth via The Guardian. Leading historians are calling these plans "sheer vandalism" and "insane." From the report: Ministers believe digitisation will speed up access to the papers, but the proposal has provoked a backlash among historians and archivists who took to X to decry it as "bananas" and "a seriously bad idea." The government is proposing to keep the originals of some wills of "famous people" -- likely including those of Charles Darwin, Charles Dickens and Diana, Princess of Wales -- but others would be destroyed after 25 years and only a digital copy would be kept. It is feared that wills of ordinary people, some of whom may become historically significant in the future, risk being lost.

Wills are considered essential documents, particularly for social historians and genealogists, as they capture what people considered important at the time and reveal unknown family links. The proposal comes amid growing concern at the fragility of digital archives, after a cyber-attack on the British Library left the online catalogue and digitized documents unavailable to users since late October. "We are advocates of digitization but not at the cost of destroying originals," says Natalie Pithers, interim co-chief executive of the Society of Genealogists. "In any digitization projects mistakes get made. We don't know what further information could be gained in the future from the original documents. There could be somebody in there who did something extraordinary."