BrianFagioli writes: Canonical has introduced a new service enabling the creation of custom distroless Docker images under its "Everything LTS" program. This initiative allows customers to include any open-source software in their Docker images, regardless of whether it is packaged in Ubuntu, with a security maintenance commitment of up to 12 years. [...] This expansion of the Ubuntu Pro offering incorporates numerous new open-source components, especially current AI/ML tools, maintained directly from the source rather than as traditional 'deb' packages. This approach aims to minimize the attack surface of containers, thereby enhancing security and aiding compliance with various regulatory standards such as FIPS, FedRAMP, EU Cyber Resilience Act, FCC U.S. Cyber Trust Mark, and DISA-STIG.

YouTube is negotiating with major record labels to license songs for AI tools that clone popular artists' music, according to Financial Times. The Google-owned platform is offering upfront payments to Sony, Warner, and Universal to secure rights for training AI software, aiming to launch new features this year. But there are roadblocks to the deal, the story adds: However, many artists remain fiercely opposed to AI music generation, fearing it could undermine the value of their work. Any move by a label to force their stars into such a scheme would be hugely controversial. [...]

YouTube last year began testing a generative AI tool that lets people create short music clips by entering a text prompt. The product, initially named "Dream Track," was designed to imitate the sound and lyrics of well-known singers. But only 10 artists agreed to participate in the test phase, including Charli XCX, Troye Sivan and John Legend, and Dream Track was made available to a just small group of creators.

The U.S. Supreme Court on Wednesday rejected to impose limits on the way President Joe Biden's administration may communicate with social media platforms, overturning a lower court decision in a case brought by Missouri, Louisiana, and five individuals. In a 6-3 ruling, the court found plaintiffs lacked legal standing to sue, unable to show a "concrete link" between officials' conduct and harm suffered.

The case centered on whether the administration coerced platforms to censor disfavored speech when alerting them to content violating their policies, particularly regarding elections and COVID-19. The administration argued it sought to mitigate online misinformation hazards. Plaintiffs claimed platforms suppressed conservative-leaning speech under government pressure. The Justice Department contended that government officials have long used their platform to express views on public matters.

Thomas Claburn reports via The Register: Mozilla Corporation was sued this month in the US, along with three of its executives, for alleged disability discrimination and retaliation against Chief Product Officer Steve Teixeira. Teixeira, according to a complaint filed in King County Superior Court in the State of Washington, had been tapped to become CEO when he was diagnosed with ocular melanoma on October 3, 2023. Teixeira then took medical leave for cancer treatment from October 30, 2023, through February 1, 2024. "Immediately, upon his return, Mozilla campaigned to demote or terminate Mr Teixeira citing groundless concerns and assumptions about his capabilities as an individual living with cancer," the complaint [PDF] says. "Interim Chief Executive Officer Laura Chambers and Chief People Officer Dani Chehak were clear with Mr Teixeira: He could not continue as Chief Product Officer -- and could not continue as a Mozilla employee in any capacity beyond 2024 -- because of his diagnosis."

Chambers and Chehak are both named in the complaint, along with Mitchell Baker, the former CEO of Mozilla who stepped down in February and announced Chambers as her successor. "Mr Teixeira was enthusiastic to resume his critical role after treatment, but Mozilla would not tolerate an executive with cancer," said Amy Kangas Alexander, an attorney with law firm Stokes Lawrence who is representing the plaintiff, in an email to The Register. "When Mr Teixeira refused to be marginalized because of his disability, Mozilla retaliated and placed him on leave against his will. Mozilla has sidelined Mr Teixeira at the very moment he needs to be preparing his family for the possibility of a future without him."

The complaint claims that Teixeira, appointed in August 2022, helped reverse the decade-long decline of Firefox, which generates about 90 percent of Mozilla's revenue and is the company's only profitable product. He's further credited with growing Mozilla's advertising business, and AI capabilities, and with reducing investment in the money-losing Pocket service. These and other successes, it's alleged, led to conversation in September 2023 when Baker outlined a plan for Teixeira to become CEO. Then he took medical leave and before he could return, the complaint says, Chambers was appointed interim CEO and Baker was removed, becoming Executive Chair of the Board of Directors. [...] A Mozilla spokesperson said in a statement: "We are aware of the lawsuit filed against Mozilla. We deny the allegations and intend to vigorously defend against this lawsuit. Mozilla has a 25-plus-year track record of maintaining the highest standards of integrity and compliance with all applicable laws. We look forward to presenting our defense in court and are confident that the facts will demonstrate that we have acted appropriately. As this is an ongoing legal matter, we will not be providing further comments at this time."

In a new study published in the journal Nature Geoscience, scientists have identified a new Antarctic ice sheet "tipping point" where slight increases in the temperature of seawater infiltrating coastal ice sheets can lead to significant ice loss due to feedback loops that expand underwater cavities and accelerate ice collapse into the ocean. This mechanism could potentially cause future sea level rise to far exceed current predictions, impacting major global cities and billions of people. The Guardian reports: The researchers used computer models to show that a "very small increase" in the temperature of the intruding water could lead to a "very big increase" in the loss of ice -- ie, tipping point behavior. It is unknown how close the tipping point is, or whether it has even been crossed already. But the researchers said it could be triggered by temperature rises of just tenths of a degree, and very likely by the rises expected in the coming decades. [...] The new research [...] found that some Antarctic ice sheets were more vulnerable to seawater intrusion than others. The Pine Island glacier, currently Antarctica's largest contributor to sea level rise, is especially vulnerable, as the base of the glacier slopes down inland, meaning gravity helps the seawater penetrate. The large Larsen ice sheet is similarly at risk. The so-called "Doomsday" glacier, Thwaites, was found to be among the least vulnerable to seawater intrusion. This is because the ice is flowing into the sea so fast already that any cavities in the ice melted by seawater intrusion are quickly filled with new ice.

Birth rates in the world's rich economies have more than halved since 1960 to hit a record low, according to a study that urged countries to prepare for a "lower fertility future." From a report: The average number of children per woman across the 38 most industrialised countries has fallen from 3.3 in 1960 to 1.5 in 2022, according to a study by the OECD published on Thursday. The fertility rate is now well below the "replacement level" of 2.1 children per woman -- at which a country's population is considered to be stable without immigration -- in all the group's member countries except for Israel. "This decline will change the face of societies, communities and families and potentially have large effects on economic growth and prosperity," warned the Paris-based organisation.

Faltering population growth acts as a drag on economic expansion. Across the EU, the rise in overall labour force participation will soon not be enough to compensate for its falling working-age population, exacerbating labour shortages, according to the IMF and European Commission's 2024 ageing report. Coupled with rising life expectancy, low births also put pressure on public finances as they leave fewer people contributing the tax revenues needed to pay for the rising costs of an ageing population. A lack of pupils is also driving an increase in school closures across Europe, Japan and South Korea.

The Biden administration is investigating China Mobile, China Telecom and China Unicom over concerns the firms could exploit access to American data through their U.S. cloud and internet businesses by providing it to Beijing, Reuters reported Tuesday, citing sources familiar with the matter. From the report: The companies still have a small presence in the United States, for example, providing cloud services and routing wholesale U.S. internet traffic. That gives them access to Americans' data even after telecom regulators barred them from providing telephone and retail internet services in the United States.

Reuters found no evidence the companies intentionally provided sensitive U.S. data to the Chinese government or committed any other type of wrongdoing. The investigation is the latest effort by Washington to prevent Beijing from exploiting Chinese firms' access to U.S. data to harm companies, Americans or national security, as part of a deepening tech war between the geopolitical rivals. It shows the administration is trying to shut down all remaining avenues for Chinese companies already targeted by Washington to obtain U.S. data.

An anonymous reader quotes a report from The Guardian: A new law coming into effect in Colorado in July is banning everyday products that intentionally contain toxic "forever chemicals," including clothes, cookware, menstruation products, dental floss and ski wax -- unless they can be made safer. Under the legislation, which takes effect on 1 July, many products using per- and poly-fluoroalkyl substances -- or PFAS chemicals linked to cancer risk, lower fertility and developmental delays -- will be prohibited starting in 2026. By 2028, Colorado will also ban the sale of all PFAS-treated clothes, backpacks and waterproof outdoor apparel. The law will also require companies selling PFAS-coated clothing to attach disclosure labels.

The initial draft of state senate bill 81, introduced in 2022, included a full ban on PFAS beginning in 2032. But that measure was written out after facing opposition. Colorado has already passed a measure requiring companies to phase out PFAS in carpets, furniture, cosmetics, juvenile products, some food packaging and those used in oil and gas production. The incoming law's diluted version illustrates the challenges lawmakers have in regulating chemicals that are used to make products waterproof, nonstick or resistant to staining. Manufacturers say the products, at best, will take time to make with a safer replacement -- or at worst, are not yet possible to get made in such fashion. [...]

In Colorado, state senator Lisa Cutter, one of the sponsors of the new law there, has said she still wants a complete ban on PFAS but acknowledges the problems. "As much as I want PFAS to go away forever and forever, there are going to be some difficult pivots," she told the outlet. They include balancing the potential cost to consumers in making products PFAS-free. Cutter told CBS News that it was "really hard" challenging lobbying groups that "spent a lot of money ensuring that these chemicals can continue being put into our products and make profits." Cutter had been accused of stifling innovation and industry. She said she believed companies could be successful while also looking out for the communities they serve. "Certainly, there are cases where it's not plausible right away to gravitate away from them, but we need to be moving in that direction," Cutter said. "Our community shouldn't have to pay the price for their health."

An anonymous reader quotes a report from TechCrunch: Google announced on Monday that it's bringing its AI technology Gemini to teen students using their school accounts, after having already offered Gemini to teens using their personal accounts. The company is also giving educators access to new tools alongside this release. Google says that giving teens access to Gemini can help prepare them with the skills they need to thrive in a future where generative AI exists. Gemini will help students learn more confidently with real-time feedback, the company believes.

Google claims it will not use data from chats with students to train and improve its AI models, and has taken steps to ensure it's bringing this technology to students responsibly. Gemini has guardrails that will prevent inappropriate responses, such as illegal or age-gated substances, from appearing in responses. It will also actively recommend teens use its double-check feature to help them develop information literacy and critical thinking skills. Gemini will be available to teen students while using their Google Workspace for Education accounts in English in more than 100 countries. Gemini will be off by default for teens until admins choose to turn it on. Google also announced that it's launching its Read Along in Classroom feature worldwide to help students improve reading skills with real-time support. Educators can assign grade-level or phonics-based reading activities and receive insights on students' reading accuracy, speed, and comprehension.

French universities are becoming hotbeds for AI innovation, attracting investors seeking the next tech breakthrough. Ecole Polytechnique, a 230-year-old institution near Paris, stands out with 57% of France's AI startup founders among its alumni, according to Dealroom data analyzed by Accel. The school's approach combines STEM education with humanities and military training, producing well-rounded entrepreneurs. "AI is now instilling every discipline the same way mathematics did years ago," said Dominique Rossin, the school's provost. "We really push our students out of their comfort zone and encourage them to try new subjects and discover new areas in science," he added.

France leads Europe in AI startup funding, securing $2.3 billion and outpacing the UK and Germany, according to Dealroom.

Dutch technology investor Prosus has written down its stake in Indian edtech firm Byju's to zero, a stark fall for a startup once valued at $22 billion. Prosus, holding a 9.6% stake, cited a "significant decrease in value for equity investors" in its earnings report.

Byju's, which sells online courses to K12 students, is grappling with financial and governance issues and declining revenues. The departure of its auditor and board members, including a Prosus executive, further rattled investor confidence last year.

It's been a 1,000 years since there was a significant volcanic eruption from Mount Rainier, CNN reminds readers. It's a full 60 miles from Tacoma, Washington — and 90 miles from Seattle. Yet "more than Hawaii's bubbling lava fields or Yellowstone's sprawling supervolcano, it's Mount Rainier that has many U.S. volcanologists worried."

"Mount Rainier keeps me up at night because it poses such a great threat to the surrounding communities, said Jess Phoenix, a volcanologist and ambassador for the Union of Concerned Scientists, on an episode of CNN's series "Violent Earth With Liv Schreiber." The sleeping giant's destructive potential lies not with fiery flows of lava, which, in the event of an eruption, would be unlikely to extend more than a few miles beyond the boundary of Mount Rainier National Park in the Pacific Northwest. And the majority of volcanic ash would likely dissipate downwind to the east away from population centers, according to the US Geological Survey. Instead, many scientists fear the prospect of a lahar — a swiftly moving slurry of water and volcanic rock originating from ice or snow rapidly melted by an eruption that picks up debris as it flows through valleys and drainage channels.

"The thing that makes Mount Rainier tough is that it is so tall, and it's covered with ice and snow, and so if there is any kind of eruptive activity, hot stuff ... will melt the cold stuff and a lot of water will start coming down," said Seth Moran, a research seismologist at USGS Cascades Volcano Observatory in Vancouver, Washington. "And there are tens, if not hundreds of thousands of people who live in areas that potentially could be impacted by a large lahar, and it could happen quite quickly." The deadliest lahar in recent memory was in November 1985 when Colombia's Nevado del Ruiz volcano erupted. Just a couple hours after the eruption started, a river of mud, rocks, lava and icy water swept over the town of Armero, killing over 23,000 people in a matter of minutes... Bradley Pitcher, a volcanologist and lecturer in Earth and environmental sciences at Columbia University, said in an episode of CNN's "Violent Earth"... said that Mount Rainier has about eight times the amount of glaciers and snow as Nevado del Ruiz had when it erupted. "There's the potential to have a much more catastrophic mudflow...."

Lahars typically occur during volcanic eruptions but also can be caused by landslides and earthquakes. Geologists have found evidence that at least 11 large lahars from Mount Rainier have reached into the surrounding area, known as the Puget Lowlands, in the past 6,000 years, Moran said.
Two major U.S. cities — Tacoma and South Seattle — "are built on 100-foot-thick (30.5-meter) ancient mudflows from eruptions of Mount Rainier," the volcanologist said on CNN's "Violent Earth" series.

CNN's article adds that the US Geological Survey already set up a lahar detection system at Mount Rainier in 1998, "which since 2017 has been upgraded and expanded. About 20 sites on the volcano's slopes and the two paths identified as most at risk of a lahar now feature broadband seismometers that transmit real-time data and other sensors including trip wires, infrasound sensors, web cameras and GPS receivers."

Michigan's House of Representatives passed a bill requiring all the state's public high schools to offer a computer science course by the start of the 2027-28 school year. (The bill now goes to the Senate, according to a report from Chalkbeat Detroit.)

Long-time Slashdot reader theodp writes: Michigan is also removing the requirement for CS teacher endorsements in 2026, paving the way for CS courses to be taught in 2027 by teachers who have "demonstrated strong computer science skills" but do not hold a CS endorsement. Michigan's easing of CS teaching requirements comes in the same year that New York State will begin requiring credentials for all CS teachers.

With lobbyist Julia Wynn from the tech giant-backed nonprofit Code.org sitting at her side, Michigan State Rep. Carol Glavnille introduced the CS bill (HB5649) to the House in May (hearing video, 16:20). "This is not a graduation requirement," Glavnille emphasized in her testimony. Code.org's Wynn called the Bill "an important first step" — after all, Code.org's goal is "to require all students to take CS to earn a HS diploma" — noting that Code.org has also been closely collaborating with Michigan's Education department "on the language and the Bill since inception." Wynn went on to inform lawmakers that "even just attending a high school that offers computer science delivers concrete employment and earnings benefits for students," citing a recent Brookings Institute article that also noted "30 states have adopted a key part of Code.org Advocacy Coalition's policy recommendations, which require all high schools to offer CS coursework, while eight states (and counting) have gone a step further in requiring all students to take CS as a high school graduation requirement."

Minutes from the hearing report other parties submitting cards in support of HB 5649 included Amazon (a $3+ million Code.org Platinum Supporter) and AWS (a Code.org In-Kind Supporter), as well as College Board (which offers the AP CS A and CSP exams) and TechNet (which notes its "teams at the federal and state levels advocate with policymakers on behalf of our member companies").

OpenAI's 'Media Manager' Mocked, Amid Accusations of Robbing Creative Professionals "Amid the hype surrounding Apple's new deal with OpenAI, one issue has been largely papered over," argues the Executive Director of America's writer's advocacy group, the Authors Guild.

OpenAI's foundational models "are, and have always been, built atop the theft of creative professionals' work." [L]ast month the company quietly announced Media Manager, scheduled for release in 2025. A tool purportedly designed to allow creators and content owners to control how their work is used, Media Manager is really a shameless attempt to evade responsibility for the theft of artists' intellectual property that OpenAI is already profiting from.

OpenAI says this tool would allow creators to identify their work and choose whether to exclude it from AI training processes. But this does nothing to address the fact that the company built its foundational models using authors' and other creators' works without consent, compensation or control over how OpenAI users will be able to imitate the artists' styles to create new works. As it's described, Media Manager puts the burden on creators to protect their work and fails to address the company's past legal and ethical transgressions. This overture is like having your valuables stolen from your home and then hearing the thief say, "Don't worry, I'll give you a chance to opt out of future burglaries ... next year...."

AI companies often argue that it would be impossible for them to license all the content that they need and that doing so would bring progress to a grinding halt. This is simply untrue. OpenAI has signed a succession of licensing agreements with publishers large and small. While the exact terms of these agreements are rarely released to the public, the compensation estimates pale in comparison with the vast outlays for computing power and energy that the company readily spends. Payments to authors would have minimal effects on AI companies' war chests, but receiving royalties for AI training use would be a meaningful new revenue stream for a profession that's already suffering...

We cannot trust tech companies that swear their innovations are so important that they do not need to pay for one of the main ingredients — other people's creative works. The "better future" we are being sold by OpenAI and others is, in fact, a dystopia. It's time for creative professionals to stand together, demand what we are owed and determine our own futures.
The Authors Guild (and 17 other plaintiffs) are now in an ongoing lawsuit against OpenAI and Microsoft. And the Guild's executive director also notes that there's also "a class action filed by visual artists against Stability AI, Runway AI, Midjourney and Deviant Art, a lawsuit by music publishers against Anthropic for infringement of song lyrics, and suits in the U.S. and U.K. brought by Getty Images against Stability AI for copyright infringement of photographs."

They conclude that "The best chance for the wider community of artists is to band together."

Multiple AI companies are ignoring Robots.txt files meant to block the scraping of web content for generative AI systems, reports Reuters — citing a warning sent to publisher by content licensing startup TollBit. TollBit, an early-stage startup, is positioning itself as a matchmaker between content-hungry AI companies and publishers open to striking licensing deals with them. The company tracks AI traffic to the publishers' websites and uses analytics to help both sides settle on fees to be paid for the use of different types of content... It says it had 50 websites live as of May, though it has not named them. According to the TollBit letter, Perplexity is not the only offender that appears to be ignoring robots.txt. TollBit said its analytics indicate "numerous" AI agents are bypassing the protocol, a standard tool used by publishers to indicate which parts of its site can be crawled.

"What this means in practical terms is that AI agents from multiple sources (not just one company) are opting to bypass the robots.txt protocol to retrieve content from sites," TollBit wrote. "The more publisher logs we ingest, the more this pattern emerges."

The article includes this quote from the president of the News Media Alliance (a trade group representing over 2,200 U.S.-based publishers). "Without the ability to opt out of massive scraping, we cannot monetize our valuable content and pay journalists. This could seriously harm our industry."

Reuters also notes another threat facing news sites: Publishers have been raising the alarm about news summaries in particular since Google rolled out a product last year that uses AI to create summaries in response to some search queries. If publishers want to prevent their content from being used by Google's AI to help generate those summaries, they must use the same tool that would also prevent them from appearing in Google search results, rendering them virtually invisible on the web.

An anonymous reader shared this report from the Associated Press: An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London...

NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack.

A website and helpline has been set up for patients affected.

In 2022, Red Hat announced plans to extend RHEL to the automotive industry through Red Hat In-Vehicle Operating System (providing automakers with an open and functionally-safe platform). And this week Red Hat announced it achieved ISO 26262 ASIL-B certification from exida for the Linux math library (libm.so glibc) — a fundamental component of that Red Hat In-Vehicle Operating System.

From Red Hat's announcement: This milestone underscores Red Hat's pioneering role in obtaining continuous and comprehensive Safety Element out of Context certification for Linux in automotive... This certification demonstrates that the engineering of the math library components individually and as a whole meet or exceed stringent functional safety standards, ensuring substantial reliability and performance for the automotive industry. The certification of the math library is a significant milestone that strengthens the confidence in Linux as a viable platform of choice for safety related automotive applications of the future...

By working with the broader open source community, Red Hat can make use of the rigorous testing and analysis performed by Linux maintainers, collaborating across upstream communities to deliver open standards-based solutions. This approach enhances long-term maintainability and limits vendor lock-in, providing greater transparency and performance. Red Hat In-Vehicle Operating System is poised to offer a safety certified Linux-based operating system capable of concurrently supporting multiple safety and non-safety related applications in a single instance. These applications include advanced driver-assistance systems (ADAS), digital cockpit, infotainment, body control, telematics, artificial intelligence (AI) models and more. Red Hat is also working with key industry leaders to deliver pre-tested, pre-integrated software solutions, accelerating the route to market for SDV concepts.
"Red Hat is fully committed to attaining continuous and comprehensive safety certification of Linux natively for automotive applications," according to the announcement, "and has the industry's largest pool of Linux maintainers and contributors committed to this initiative..."

Or, as Network World puts it, "The phrase 'open source for the open road' is now being used to describe the inevitable fit between the character of Linux and the need for highly customizable code in all sorts of automotive equipment."

The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...
OpenSSF ecyosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.
In less than a month, the mailing list has already grown to over 800 members...

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector.

According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked".

The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

Slashdot reader DevNull127 writes: A free and open source ChatGPT clone — named LibreChat — lets its users choose which AI model to use, "to harness the capabilities of cutting-edge language models from multiple providers in a unified interface". This means LibreChat includes OpenAI's models, but also others — both open-source and closed-source — and its website promises "seamless integration" with AI services from OpenAI, Azure, Anthropic, and Google — as well as GPT-4, Gemini Vision, and many others. ("Every AI in one place," explains LibreChat's home page.) Plugins even let you make requests to DALL-E or Stable Diffusion for image generations. (LibreChat also offers a database that tracks "conversation state" — making it possible to switch to a different AI model in mid-conversation...)

Released under the MIT License, LibreChat has become "an open source success story," according to this article, representing "the passionate community that's actively creating an ecosystem of open source AI tools." And its creator, Danny Avila, says in some cases it finally lets users own their own data, "which is a dying human right, a luxury in the internet age and even more so with the age of LLM's." Avila says he was inspired by the day ChatGPT leaked the chat history of some of its users back in March of 2023 — and LibreChat is "inherently completely private". From the article:

With locally-hosted LLMs, Avila sees users finally getting "an opportunity to withhold training data from Big Tech, which many trade at the cost of convenience." In this world, LibreChat "is naturally attractive as it can run exclusively on open-source technologies, database and all, completely 'air-gapped.'" Even with remote AI services insisting they won't use transient data for training, "local models are already quite capable" Avila notes, "and will become more capable in general over time."

And they're also compatible with LibreChat...