Windows Recall was "delayed" over concerns that storing unencrypted recordings of users' activity was a security risk.

But now Slashdot reader storagedude writes: The latest version of Microsoft's planned Windows Recall feature still contains data privacy and security vulnerabilities, according to a report by the Cyber Express.

Security researcher Kevin Beaumont — whose work started the backlash that resulted in Recall getting delayed last month — said the most recent preview version is still hackable by Alex Hagenah's "TotalRecall" method "with the smallest of tweaks."

The Windows screen recording feature could as yet be refined to fix security concerns, but some have spotted it recently in some versions of the Windows 11 24H2 release preview that will be officially released in the fall.
Cyber Express (the blog of threat intelligence vendor Cyble Inc) got this official response: Asked for comment on Beaumont's findings, a Microsoft spokesperson said the company "has not officially released Recall," and referred to the updated blog post that announced the delay, which said: "Recall will now shift from a preview experience broadly available for Copilot+ PCs on June 18, 2024, to a preview available first in the Windows Insider Program (WIP) in the coming weeks."

"Beyond that, Microsoft has nothing more to share," the spokesperson added.
Also this week, the blog Android Authority wrote that Google is planning to introduce its own "Google AI" features to Pixel 9 smartphones. They include the ability to enhance screenshots, an "Add Me" tool for group photos — and also "a feature resembling Microsoft's controversial Recall" dubbed "Pixel Screenshots." Google's take on the feature is different and more privacy-focused: instead of automatically capturing everything you're doing, it will only work on screenshots you take yourself. When you do that, the app will add a bit of extra metadata to it, like app names, web links, etc. After that, it will be processed by a local AI, presumably the new multimodal version of Gemini Nano, which will let you search for specific screenshots just by their contents, as well as ask a bot questions about them.

My take on the feature is that it's definitely a better implementation of the idea than what Microsoft created.. [B]oth of the apps ultimately serve a similar purpose and Google's implementation doesn't easily leak sensitive information...

It's worth mentioning Motorola is also working on its own version of Recall — not much is known at the moment, but it seems it will be similar to Google's implementation, with no automatic saving of everything on the screen.
The Verge describes the Pixel 9's Google AI as "like Microsoft Recall but a little less creepy."

"After approximately seven years in development, the Eclipse Foundation's Theia IDE project is now generally available," writes ADT magazine, "emerging from beta to challenge Microsoft's similar Visual Studio Code (VS Code) editor." The Eclipse Theia IDE is part of the Eclipse Cloud DevTools ecosystem. The Eclipse Foundation calls it "a true open-source alternative to VS Code," which was built on open source but includes proprietary elements, such as default telemetry, which collects usage data...

Theia was built on the same Monaco editor that powers VS Code, and it supports the same Language Server Protocol (LSP) and Debug Adapter Protocol (DAP) that provide IntelliSense code completions, error checking and other features. The Theia IDE also supports the same extensions as VS Code (via the Open VSX Registry instead of Microsoft's Visual Studio Code Marketplace), which are typically written in TypeScript and JavaScript. There are many, many more extensions available for VS Code in Microsoft's marketplace, while "Extensions for VS Code Compatible Editors" in the Open VSX Registry number 3,784 at the time of this writing...

The Eclipse Foundation emphasized another difference between its Theia IDE and VS Code: the surrounding ecosystem/community. "At the core of Theia IDE is its vibrant open source community hosted by the Eclipse Foundation," the organization said in a news release. "This ensures freedom for commercial use without proprietary constraints and fosters innovation and reliability through contributions from companies such as Ericsson, EclipseSource, STMicroelectronics, TypeFox, and more. The community-driven model encourages participation and adaptation according to user needs and feedback."

Indeed, the list of contributors to and adopters of the platform is extensive, also featuring Broadcom, Arm, IBM, Red Hat, SAP, Samsung, Google, Gitpod, Huawei and many others.
The It's FOSS blog has some screenshots and a detailed rundown.

ADT magazine stresses that there's also an entirely distinct (but related) project called the Eclipse Theia Platform (not IDE) which differs from VS Code by allowing developers "to create desktop and cloud IDEs using a single, open-source technology stack" [that can be used in open-source initiatives]. The Eclipse Theia platform "allows developers to customize every aspect of the IDE without forking or patching the code... fully tailored for the needs of internal company projects or for commercial resale as a branded product."

Longtime Slashdot reader theodp writes: "If Einstein paved the way for a new era in physics," explains auction house Christie's in a promotion piece for its upcoming offering of 150+ "objects of scientific and historical importance" from the Paul G. Allen Collection (including items from the shuttered Living Computers Museum), "Mr. Allen and his collaborators ushered in a new era of computing. Starting with MS-DOS in 1981, Microsoft then went on to revolutionize personal computing with the launch of Windows in 1985."

Christie's auction and characterization of MS-DOS as an Allen and Microsoft innovation comes 30 years after the death of Gary Kildall, whose unpublished memoir, the Seattle Times reported in Kildall's July 1994 obituary, called DOS "plain and simple theft" of Kildall's CP/M OS. PC Magazine's The Rise of DOS: How Microsoft Got the IBM PC OS Contract notes that Paul Allen himself traced the genesis of MS-DOS back to a phone call Allen made to Seattle Computer Products owner Rod Brock in which Microsoft licensed Tim Paterson's CP/M-inspired QDOS (Quick and Dirty Operating System) for $10,000 plus a royalty of $15,000 for every company that licensed the software. A shrewd buy-low-sell-high business deal, yes, but hardly an Einstein-caliber breakthrough idea.

An anonymous reader shares a report: A new test version of Windows 11 is available for Windows Insiders on the Dev Channel with Build 26120.961, which rolls out a significant change: a new Windows Start menu. You'll immediately notice that Microsoft has redesigned the Microsoft user account display, moving it to the center of the Start menu as soon as you click on the username or profile picture.

This new "account manager" feature gives you quicker access to your various Microsoft accounts, such as Microsoft 365, Xbox Game Pass, and OneDrive cloud storage. To no surprise, Microsoft is using this prominent display to remind you of their own products and services. The difference to the current Windows 11 Start menu is obvious, as the following screenshot shows:

Microsoft conducted another round of layoffs this week in the latest workforce reduction implemented by the Redmond tech giant this year. From a report: The cuts impacted multiple teams and geographies. Posts on LinkedIn from impacted employees show the cuts affecting employees in product and program management roles. "Organizational and workforce adjustments are a necessary and regular part of managing our business," a spokesperson said in a statement. "We will continue to prioritize and invest in strategic growth areas for our future and in support of our customers and partners."

theodp writes: As with last year," tweeted College Board's AP Program Chief Trevor Packer, "the most challenging free-response question on this year's AP Computer Science A exam was Q4 on 2D Array." While it takes six pages of the AP CS A exam document [PDF] to ask question 4 (of 4), the ask of students essentially boils down to using Java to move from the current location in a 2-D grid to either immediately below or to the right of that location based on which neighbor contains the lesser value, and adding the value at that location to a total (suggested Java solution, alternative Excel VBA solution). Much like rules of the children's game Pop-O-Matic Trouble, moves are subject to the constraint that you cannot move to the right or ahead if it takes you to an invalid position (beyond the grid dimensions).

Ironically, many of the AP CS A students who struggled with the grid coding problem were likely exposed by their schools from kindergarten on to more than a decade's worth of annual Hour of Code tutorials that focused on the concepts of using code to move about in 2-D grids. The move-up-down-left-right tutorials promoted by schools came from tech-backed nonprofit Code.org and its tech giant partners and have been taught over the years by the likes of Bill Gates, Mark Zuckerberg, and President Obama, as well as characters from Star Wars, Disney Princess movies, and Microsoft Minecraft.

The news of American high school students struggling again with fairly straightforward coding problems after a year-long course of instruction comes not only as tech companies and tech-tied nonprofits lobby state lawmakers to pass bills making CS a high school graduation requirement in the US, but also as a new report from King's College urges lawmakers and educators to address a stark decline in the number of UK students studying computing at secondary school, which is blamed on the replacement of more approachable ICT (Information and Communications Technology) courses with more rigorous computer science courses in 2013 (a switch pushed by Google and Microsoft), which it notes students have perceived as too difficult and avoided taking.

An anonymous reader quotes a report from Neowin: Former Microsoft CEO Steve Ballmer, known for his enthusiastic energy and salesmanship, is now richer than Microsoft co-founder Bill Gates. This is the first time Ballmer has surpassed Bill Gates in wealth. According to the Bloomberg Billionaires Index, Steve Ballmer is now the sixth-richest person in the world with a $157.2 billion net worth.

Steve Ballmer surpassed Bill Gates for two reasons: - Ninety percent of Steve Ballmer's wealth is in Microsoft stock. Ballmer remains the single largest individual shareholder of Microsoft stock. Microsoft's stock continues its strong growth momentum and is up 21% this year alone.
- Bill Gates diversified his portfolio through Cascade Investment. Therefore, his other investments did not yield the returns that Microsoft stock would have provided. "[T]he Bloomberg Billionaires Index only considers an individual's current personal wealth," notes the report. It doesn't take into consideration each of the executives' various charitable donations, such as Gates' $60 billion donation to the Gates Foundation or Ballmer's million-dollar donations to major universities in the U.S.

As reported by Bloomberg, Apple will get an "observer role" on OpenAI's board of directors as part of its partnership to integrate ChatGPT into iOS 18. That role will reportedly be filled by Apple Fellow, Phil Schiller. 9to5Mac reports: Apple having an "observer role" on the OpenAI board matches the role of Microsoft. Schiller will be able to observe and attend board meetings, but will not have any voting power: "The board observer role will put Apple on par with Microsoft, OpenAI's biggest backer and its main AI technology provider. The job allows someone to attend board meetings without being able to vote or exercise other director powers. Observers, however, do gain insights into how decisions are made at the company." The arrangement will take effect later this year, according to Bloomberg. Schiller "hasn't yet attended any meetings" of the OpenAI board and "details of the situation could still change."

Schiller served as Apple's long-time marketing chief before transitioning to an Apple Fellow role in 2020. In this role, Schiller continues to lead the App Store and Apple events and reports directly to Apple CEO Tim Cook. Schiller is also leading Apple's efforts to defend the App Store against antitrust allegations around the world.

Nearly half of Americans are using third-party antivirus software and the rest are either using the default protection in their operating system -- or none at all. From a report: In all, 46 percent of almost 1,000 US citizens surveyed by the reviews site Security.org said they used third-party antivirus on their computers, with 49 percent on their PCs, 18 percent using it on their tablets, and 17 percent on their phones. Of those who solely rely on their operating system's built-in security -- such as Microsoft's Windows Defender, Apple's XProtect, and Android's Google Play -- 12 percent are planning to switch to third-party software in the next six months.

Of those who do look outside the OS, 54 percent of people pay for the security software, 43 percent choose the stripped-down free version, and worryingly, three percent aren't sure whether they pay or not. Among paying users, the most popular brands were Norton, McAfee, and Malwarebytes, while free users preferred -- in order -- McAfee, Avast, and Malwarebytes. The overwhelming reason for purchasing, cited by 84 percent of respondents, was, of course, fear of malware. The next most common reasons were privacy, at 54 percent, and worries over online shopping, at 48 percent. Fear of losing cryptocurrency stashes from wallets was at eight percent, doubled since last year's survey.

storagedude shares a report from the Cyber Express: Some of the most widely used web and social media applications could be vulnerable to three newly discovered CocoaPods vulnerabilities -- including potentially millions of Apple devices, according to a report by The Cyber Express, the news service of threat intelligence vendor Cyble Inc. E.V.A Information Security researchers reported three vulnerabilities in the open source CocoaPods dependency manager that could allow malicious actors to take over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications, potentially affecting "almost every Apple device." The researchers found vulnerable code in applications provided by Meta (Facebook, Whatsapp), Apple (Safari, AppleTV, Xcode), and Microsoft (Teams); as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more.

The vulnerabilities have been patched, yet the researchers still found 685 Pods "that had an explicit dependency using an orphaned Pod; doubtless there are hundreds or thousands more in proprietary codebases." The newly discovered vulnerabilities -- one of which (CVE-2024-38366) received a 10 out of 10 criticality score -- actually date from a May 2014 CocoaPods migration to a new 'Trunk' server, which left 1,866 orphaned pods that owners never reclaimed. While the vulnerabilities have been patched, the work for developers and DevOps teams that used CocoaPods before October 2023 is just getting started. "Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code," the E.V.A researchers said. "The vulnerabilities we discovered could be used to control the dependency manager itself, and any published package." [...] "Dependency managers are an often-overlooked aspect of software supply chain security," the researchers wrote. "Security leaders should explore ways to increase governance and oversight over the use these tools." "While there is no direct evidence of any of these vulnerabilities being exploited in the wild, evidence of absence is not absence of evidence." the EVA researchers wrote. "Potential code changes could affect millions of Apple devices around the world across iPhone, Mac, AppleTV, and AppleWatch devices."

While no action is required by app developers or users, the EVA researchers recommend several ways to protect against these vulnerabilities. To ensure secure and consistent use of CocoaPods, synchronize the podfile.lock file with all developers, perform CRC validation for internally developed Pods, and conduct thorough security reviews of third-party code and dependencies. Furthermore, regularly review and verify the maintenance status and ownership of CocoaPods dependencies, perform periodic security scans, and be cautious of widely used dependencies as potential attack targets.

Microsoft revealed that the Russian hackers who breached its systems earlier this year stole more emails than initially reported. "We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor," a Microsoft spokesperson told Bloomberg (paywalled). "This is increased detail for customers who have already been notified and also includes new notifications." The Register reports: We've been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, and sensitive U.S. government data. Reports last week revealed that the issue was even larger than initially believed and additional customers' data has been stolen. Along with Russia, Microsoft was also compromised by state actors from China not long ago, and that issue similarly led to the theft of emails and other data belonging to senior U.S. government officials.

Both incidents have led experts to call Microsoft a threat to U.S. national security, and president Brad Smith to issue a less-than-reassuring mea culpa to Congress. All the while, the U.S. government has actually invested more in its Microsoft kit. Bloomberg reported that emails being sent to affected Microsoft customers include a link to a secure environment where customers can visit a site to review messages Microsoft identified as having been compromised. But even that might not have been the most security-conscious way to notify folks: Several thought they were being phished.

In 1994, college student Jim Hall created FreeDOS (in response to Microsoft's plan to gradually phase out MS-DOS). After celebrating its 30th anniversary last week, Hill wrote a new article Saturday for OpenSource.net: "What I've learned about Open Source community over 30 years."

Lessons include "every Open Source project needs a website," but also "consider other ways to raise awareness about your Open Source software project." ("In the FreeDOS Project, we've found that posting videos to our YouTube channel is an excellent way to help people learn about FreeDOS... The more information you can share about your Open Source project, the more people will find it familiar and want to try it out.")

But the larger lesson is that "Open Source projects must be grounded in community." Without open doors for new ideas and ongoing development, even the most well-intentioned project becomes a stagnant echo chamber...

Maintain open lines of communication... This can take many forms, including an email list, discussion board, or some other discussion forum. Other forums where people can ask more general "Help me" questions are okay but try to keep all discussions about project development on your official discussion channel.
The last of its seven points stresses that "An Open Source project isn't really Open Source without source code that everyone can download, study, use, modify and share" (urging careful selection for your project's licensing). But the first point emphasizes that "It's more than just code," and Hall ends his article by attributing FreeDOS's three-decade run to "the great developers and users in our community." In celebrating FreeDOS, we are celebrating everyone who has created programs, fixed bugs, added features, translated messages, written documentation, shared articles, or contributed in some other way to the FreeDOS Project... Here's looking forward to more years to come!
Jim Hall is also Slashdot reader #2,985, and back in 2000 he answered questions from Slashdot's readers — just six years after starting the project. "Jim isn't rich or famous," wrote RobLimo, "just an old-fashioned open source contributor who helped start a humble but useful project back in 1994 and still works on it as much as he can."

As the years piled up, Slashdot ran posts celebrating FreeDOS's 10th, 15th, and 20th anniversary.

And then for FreeDOS's 25th, Hall returned to Slashdot to answer more questions from Slashdot readers...

It was analgous to the "Blue Screen of Death" that Windows gives for critical errors, Phoronix wrote. To enable error messages for things like a kernel panic, Linux 6.10 introduced a new panic handler infrastructure for "Direct Rendering Manager" (or DRM) drivers.

Phoronix also published a follow-up from Red Hat engineer Javier Martinez Canillas (who was involved in the new DRM Panic infrastructure). Given complaints about being too like Microsoft Windows following his recent Linux "Blue Screen of Death" showcase... Javier showed that a black screen of death is possible if so desired... After all, it's all open-source and thus can customize to your heart's content.
And now the panic handler is getting even more new features, Phoronix reported Friday: With the code in Linux 6.10 when DRM Panic is triggered, an ASCII art version of Linux's mascot, Tux the penguin, is rendered as part of the display. With Linux 6.11 it will also be able to handle displaying a monochrome image as the logo.

If ASCII art on error messages doesn't satisfy your tastes in 2024+, the DRM Panic code will be able to support a monochrome graphical logo that leverages the Linux kernel's boot-up logo support. The ASCII art penguin will still be used when no graphical logo is found or when the existing "LOGO" Kconfig option is disabled. (Those Tux logo assets being here.)

This monochrome logo support in the DRM Panic handler was sent out as part of this week's drm-misc-next pull request ahead of the Linux 6.11 merge window in July. This week's drm-misc-next material also includes TTM memory management improvements, various fixes to the smaller Direct Rendering Manager drivers, and also the previously talked about monochrome TV support for the Raspberry Pi.
Long-time Slashdot reader unixbhaskar thinks the new option "will certainly satisfy the modern people... But it is not as eye candy as people think... Moreover, it is monochrome, so certainly not resource-hungry. Plus, if all else fails, the ASCII art logo is still there to show!"

The Wall Street Journal reports that a European initiative studying the feasibility data centers in space "has found that the project could be economically viable" — while reducing the data center's carbon footprint.

And they add that according to coordinator Thales Alenia Space, the project "could also generate a return on investment of several billion euros between now and 2050." The study — dubbed Ascend, short for Advanced Space Cloud for European Net zero emission and Data sovereignty — was funded by the European Union and sought to compare the environmental impacts of space-based and Earth-based data centers, the company said. Moving forward, the company plans to consolidate and optimize its results. Space data centers would be powered by solar energy outside the Earth's atmosphere, aiming to contribute to the European Union's goal of achieving carbon neutrality by 2050, the project coordinator said... Space data centers wouldn't require water to cool them, the company said.
The 16-month study came to a "very encouraging" conclusion, project manager Damien Dumestier told CNBC. With some caveats... The facilities that the study explored launching into space would orbit at an altitude of around 1,400 kilometers (869.9 miles) — about three times the altitude of the International Space Station. Dumestier explained that ASCEND would aim to deploy 13 space data center building blocks with a total capacity of 10 megawatts in 2036, in order to achieve the starting point for cloud service commercialization... The study found that, in order to significantly reduce CO2 emissions, a new type of launcher that is 10 times less emissive would need to be developed. ArianeGroup, one of the 12 companies participating in the study, is working to speed up the development of such reusable and eco-friendly launchers. The target is to have the first eco-launcher ready by 2035 and then to allow for 15 years of deployment in order to have the huge capacity required to make the project feasible, said Dumestier...

Michael Winterson, managing director of the European Data Centre Association, acknowledges that a space data center would benefit from increased efficiency from solar power without the interruption of weather patterns — but the center would require significant amounts of rocket fuel to keep it in orbit. Winterson estimates that even a small 1 megawatt center in low earth orbit would need around 280,000 kilograms of rocket fuel per year at a cost of around $140 million in 2030 — a calculation based on a significant decrease in launch costs, which has yet to take place. "There will be specialist services that will be suited to this idea, but it will in no way be a market replacement," said Winterson. "Applications that might be well served would be very specific, such as military/surveillance, broadcasting, telecommunications and financial trading services. All other services would not competitively run from space," he added in emailed comments.

[Merima Dzanic, head of strategy and operations at the Danish Data Center Industry Association] also signaled some skepticism around security risks, noting, "Space is being increasingly politicised and weaponized amongst the different countries. So obviously, there is a security implications on what type of data you send out there."
Its not the only study looking at the potential of orbital data centers, notes CNBC. "Microsoft, which has previously trialed the use of a subsea data center that was positioned 117 feet deep on the seafloor, is collaborating with companies such as Loft Orbital to explore the challenges in executing AI and computing in space."

The article also points out that the total global electricity consumption from data centers could exceed 1,000 terawatt-hours in 2026. "That's roughly equivalent to the electricity consumption of Japan, according to the International Energy Agency."

Samantha Cole reports via 404 Media: A woman is suing Microsoft and two major U.S. sex toy retailers with claims that their websites are tracking users without their consent, despite promising they wouldn't do that. In a complaint (PDF) filed on June 25 in the Northern District of California, San Francisco resident Stella Tatola claims that Babeland and Good Vibrations -- both owned by Barnaby Ltd., LLC -- allowed Microsoft to see what visitors to their websites searched for and bought.

"Unbeknownst to Plaintiff and other Barnaby website users, and constituting the ultimate violation of privacy, Barnaby allows an undisclosed third-party, Microsoft, to intercept, read, and utilize for commercial gain consumers' private information about their sexual practices and preferences, gleaned from their activity on Barnaby's websites," the complaint states. "This information includes but is not limited to product searches and purchase initiations, as well as the consumer's unique Microsoft identifier." The complaint claims that Good Vibrations and Babeland sites have installed trackers using Microsoft's Clarity software, which does "recording in real time," and tracks users' mouse movements, clicks or taps, scrolls, and site navigation. Microsoft says on the Clarity site that it "processes a massive amount of anonymous data around user behavior to gain insights and improve machine learning models that power many of our products and services."

"By allowing undisclosed third party Microsoft to eavesdrop and intercept users' PPSI in such a manner -- including their sexual orientation, preferences, and desires, among other highly sensitive, protected information -- Barnaby violates its Privacy Policies, which state it will never share such information with third parties," the complaint states. The complaint includes screenshots of code from the sexual health sites that claims to show them using Machine Unique Identifier ("MUID") cookies that "identifies unique web browsers visiting Microsoft sites," according to Microsoft, and are used for "advertising, site analytics, and other operational purposes." The complaint claims that this violates the California Invasion of Privacy Act, the Federal Wiretap Act, and Californians' reasonable expectation of privacy.

An anonymous reader shares a report: Starting with those builds, Windows 11 will show a Game Pass recommendation / ad within the Settings app. The advertisement will appear on both Windows 11 Home and Windows 11 Pro if you actively play games on your PC. Microsoft lists this feature first under the "Highlights" section of its blog post about the update. Some users aren't pleased. "Microsoft has gone too far," news blog TechRadar wrote.

An anonymous reader shares a report: Bill Gates has defended the rapid rise in energy use caused by AI systems, arguing the technology would ultimately offset its heavy consumption of electricity. Speaking in London, Gates urged environmentalists and governments to "not go overboard" on concerns about the huge amounts of power required to run new generative AI systems, as Big Tech companies such as Microsoft race to invest tens of billions of dollars in vast new data centres.

Data centres will drive a rise in global electricity usage of between 2-6 per cent, the billionaire said. "The question is, will AI accelerate a more than 6 per cent reduction? And the answer is: certainly," said Gates, the Microsoft co-founder who has been a prolific investor in companies developing sustainable energy and carbon- reduction technologies. In May, Microsoft admitted that its greenhouse gas emissions had risen by almost a third since 2020, in large part due to the construction of data centres.

Gates, who left Microsoft's board in 2020 but remains an adviser to chief executive Satya Nadella, said tech companies would pay a "green premium" -- or higher price -- for clean energy as they seek new sources of power, which was helping to drive its development and deployment. "The tech companies are the people willing to pay a premium and to help bootstrap green energy capacity," he said at the Breakthrough Energy Summit in London on Thursday.

Russian hackers who broke into Microsoft's systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. Reuters: The disclosure underscores the breadth of the breach as Microsoft faces increasing regulatory scrutiny over the security of its software and systems against foreign threats. An allegedly Chinese hacking group that separately breached Microsoft last year stole thousands of U.S. government emails. Microsoft said it was also sharing the compromised emails with its customers, but did not say how many customers had been impacted, nor how many emails may have been stolen.

The Center for Investigative Reporting (CIR), the nation's oldest nonprofit newsroom, sued OpenAI and Microsoft in federal court on Thursday for allegedly using its content to train AI models without consent or compensation. CIR, founded in 1977 in San Francisco, evolved into a multi-platform newsroom with its flagship distribution platform Reveal. In February, it merged with Mother Jones.

"OpenAI and Microsoft started vacuuming up our stories to make their product more powerful, but they never asked for permission or offered compensation, unlike other organizations that license our material," said Monika Bauerlein, CEO of the Center for Investigative Reporting, in a statement. "This free rider behavior is not only unfair, it is a violation of copyright. The work of journalists, at CIR and everywhere, is valuable, and OpenAI and Microsoft know it." Bauerlein said that OpenAI and Microsoft treat the work of nonprofit and independent publishers "as free raw material for their products," and added that such moves by generative AI companies hurt the public's access to truthful information in a "disappearing news landscape." Engadget reports: The CIR's lawsuit, which was filed in Manhattan's federal court, accuses OpenAI and Microsoft, which owns nearly half of the company, of violating the Copyright Act and the Digital Millennium Copyright Act multiple times.

News organizations find themselves at an inflection point with generative AI. While the CIR is joining publishers like The New York Times, New York Daily News, The Intercept, AlterNet and Chicago Tribune in suing OpenAI, others publishers have chosen to strike licensing deals with the company. These deals will allow OpenAI to train its models on archives and ongoing content published by these publishers and cite information from them in responses offered by ChatGPT.

Brandon Vigliarolo reports via The Register: American healthcare provider Geisinger fears highly personal data on more than a million of its patients has been stolen -- and claimed a former employee at a Microsoft subsidiary is the likely culprit. Geisinger on Monday announced the results of a probe into a November computer security breach, placing the blame on Microsoft-owned Nuance Communications for not cutting off one of its employees' access to corporate files after that person was fired. The Pennsylvania-based healthcare giant uses Nuance as an IT provider. We're told that after the Microsoft-owned entity terminated one of its workers, that staffer two days later may have accessed and taken copies of sensitive records on a huge number of Geisinger patients -- for reasons as yet unknown.

Geisinger -- which says it operates 13 hospitals and has more than 600,000 members -- said it discovered the improper access on November 29, informed Nuance, and the IT supplier immediately cut off the former employee from the healthcare group's data before involving police. "Because it could have impeded their investigation, law enforcement investigators asked Nuance to delay notifying patients of this incident until now," Geisinger claimed, explaining why only now this is coming to light. "The former Nuance employee has been arrested and is facing federal charges." It's not immediately clear if or what charges have been laid -- we've asked Geisinger for details.

Speech recognition firm Nuance performed its own probe, according to Geisinger, and determined that the former employee may have stolen information on a million-plus people. That info would include birth dates, addresses, hospital admission and discharge records, demographic information, and other medical data. The ex-employee didn't swipe insurance or other financial information, the multi-billion-dollar healthcare group stated. "We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges," Geisinger chief privacy officer Jonathan Friesen alleged, adding: "I am sorry that this happened."