Government

Homeland Security Report Details How Teen Hackers Exploited Security Weaknesses In Some of the World's Biggest Companies (cnn.com) 31

An anonymous reader quotes a report from CNN: A group of teenage hackers managed to breach some of the world's biggest tech firms last year by exploiting systemic security weaknesses in US telecom carriers and the business supply chain, a US government review of the incidents has found, in what is a cautionary tale for America's critical infrastructure. The Department of Homeland Security-led review of the hacks, which was shared exclusively with CNN, determined US regulators should penalize telecom firms with lax security practices and Congress should consider funding programs to steer American youth away from cybercrime. The investigation of the hacks -- which hit companies like Microsoft and Samsung -- found that, in general, it was far too easy for the cybercriminals to intercept text messages that corporate employees use to log into systems. [...]

"It is highly concerning that a loose band of hackers, including a number of teenagers, was able to consistently break into the best-defended companies in the world," Homeland Security Secretary Alejandro Mayorkas told CNN in an interview, adding: "We are seeing a rise in juvenile cybercrime." After a series of high-profile cyberattacks marked his first four months in office, President Joe Biden established the DHS-led Cyber Safety Review Board in 2021 to study the root causes of major hacking incidents and inform policy on how to prevent the next big cyberattack. Staffed by senior US cybersecurity officials and executives at major technology firms like Google, the board does not have regulatory authority, but its recommendations could shape legislation in Congress and future directives from federal agencies. [...]

The board's first review, released in July 2022, concluded that it could take a decade to eradicate a vulnerability in software used by thousands of corporations and government agencies worldwide. The second review, to be released Thursday, focused on a band of young criminal hackers based in the United Kingdom and Brazil that last year launched a series of attacks on Microsoft, Uber, Samsung and identity management firm Okta, among others. The audacious hacks were often followed by extortion demands and taunts by hackers who seemed to be out for publicity as much as they were for money. The hacking group, known as Lapsus$, alarmed US officials because they were able to embarrass major tech firms with robust security programs. "If richly resourced cybersecurity programs were so easily breached by a loosely organized threat actor group, which included several juveniles, how can organizations expect their programs to perform against well-resourced cybercrime syndicates and nation-state actors?" the Cyber Safety Review Board's new report states.
Lapsus$, as well as other hacking groups, conduct "SIM-swapping" attacks that can take over a victim's phone number by having it transferred to another device, thereby gaining access to 2FA security codes and personal messages. These can then be used to reveal login credentials and access financial information.

"The board wants telecom carriers to report SIM-swapping attacks to US regulatory agencies, and for those agencies to penalize carriers when they don't adequately protect customers from such attacks," reports CNN.
Privacy

Popular Open-Source Project Moq Criticized For Quietly Collecting Data (bleepingcomputer.com) 30

An anonymous reader quotes a report from BleepingComputer: Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees over 100,000 downloads on any given day, and has been downloaded over 476 million times over the course of its lifetime. [...] Last week, one of Moq's owners, Daniel Cazzulino (kzu), who also maintains the SponsorLink project, added SponsorLink to Moq versions 4.20.0 and above. This move sent shock waves across the open source ecosystem largely for two reasons -- while Cazzulino has every right to change his project Moq, he did not notify the user base prior to bundling the dependency, and SponsorLink DLLs contain obfuscated code, making it hard to reverse engineer, and not quite "open source."

"It seems that starting from version 4.20, SponsorLink is included," Germany-based software developer Georg Dangl reported referring to Moq's 4.20.0 release. "This is a closed-source project, provided as a DLL with obfuscated code, which seems to at least scan local data (git config?) and sends the hashed email of the current developer to a cloud service." The scanning capability is part of the .NET analyzer tool that runs during the build process, and is hard to disable, warns Dangl. "I can understand the reasoning behind it, but this is honestly pretty scary from a privacy standpoint."

SponsorLink describes itself as a means to integrate GitHub Sponsors into your libraries so that "users can be properly linked to their sponsorship to unlock features or simply get the recognition they deserve for supporting your project." GitHub user Mike (d0pare) decompiled the DLLs, and shared a rough reconstruction of the source code. The library, according to the analyst, "spawns external git process to get your email." It then calculates a SHA-256 hash of the email addresses and sends it to SponsorLink's CDN: hxxps://cdn.devlooped[.]com/sponsorlink. "Honestly Microsoft should blacklist this package working with the NuGet providers," writes Austin-based developer Travis Taylor. "The author can't be trusted. This was an incredibly stupid move that's just created a ton of work for lots of people."
Following the backlash, Cazzulino updated the SponsorLink project's README with a lengthy "Privacy Considerations" section that clarifies that no actual email addresses, just their hashes, are being collected.
AI

Microsoft's AI-Powered Bing Chat Is Coming To Mobile Browsers 9

Microsoft is bringing its AI-powered Bing Chat to all mobile browsers as part of the broader changes to stop blocking Bing Chat on third-party browsers. The Verge reports: Bing Chat first launched in February, but it was restricted to Microsoft's own Edge browser. Microsoft started opening up to Chrome and Safari desktop browsers in late July as part of testing for full third-party browser support. "With so many new, useful features now a part of Bing, we're excited to announce you can start experiencing the new AI-powered Bing in third-party browsers on web and mobile soon," says the Bing team in a blog post. "This next step in the journey allows Bing to showcase the incredible value of summarized answers, image creation and more, to a broader array of people."
AI

'Microsoft is Shutting Down Cortana, and Apple Should Do the Same With Siri' 85

Filipe Esposito, writing for Apple-focused news site 9to5Mac: As reported by Windows Latest, the Cortana app has received an update via the Microsoft Store after two years without getting a single new feature. But instead of new features, the update pretty much kills Cortana and now shows a message saying that "Cortana in Windows as a standalone app is deprecated." [...] Earlier this week, during a call with investors, Apple CEO Tim Cook reinforced that Apple has been conducting research with a "wide range of AI technologies," including "generative AI" for years. Multiple rumors have pointed to Apple internally developing a technology to compete with ChatGPT. However, while Microsoft and Google have already made their new tools available to the public, Apple is still a long way off.

In the meantime, Siri is still Siri. Even Apple employees complain about "organizational dysfunction and a lack of ambition" when it comes to the development of Apple's virtual assistant. Some employees point out that Siri is still based on a very legacy technology and that improving it would require a lot of effort. Seeing what other companies are achieving with generative AI, I do think it's time for Apple to give up on Siri and focus its efforts on new technologies. What about you? What are your thoughts on Apple, Siri, and AI?
Security

Microsoft Comes Under Blistering Criticism For 'Grossly Irresponsible' Security (arstechnica.com) 55

An anonymous reader quotes a report from Ars Technica: Microsoft has once again come under blistering criticism for the security practices of Azure and its other cloud offerings, with the CEO of security firm Tenable saying Microsoft is "grossly irresponsible" and mired in a "culture of toxic obfuscation." The comments from Amit Yoran, chairman and CEO of Tenable, come six days after Sen. Ron Wyden (D-Ore.) blasted Microsoft for what he said were "negligent cybersecurity practices" that enabled hackers backed by the Chinese government to steal hundreds of thousands of emails from cloud customers, including officials in the US Departments of State and Commerce. Microsoft has yet to provide key details about the mysterious breach, which involved the hackers obtaining an extraordinarily powerful encryption key granting access to a variety of its other cloud services. The company has taken pains ever since to obscure its infrastructure's role in the mass breach.

On Wednesday, Yoran took to LinkedIn to castigate Microsoft for failing to fix what the company said on Monday was a "critical" issue that gives hackers unauthorized access to data and apps managed by Azure AD, a Microsoft cloud offering for managing user authentication inside large organizations. Monday's disclosure said that the firm notified Microsoft of the problem in March and that Microsoft reported 16 weeks later that it had been fixed. Tenable researchers told Microsoft that the fix was incomplete. Microsoft set the date for providing a complete fix to September 28.

"To give you an idea of how bad this is, our team very quickly discovered authentication secrets to a bank," Yoran wrote. "They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft." He continued: "Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix -- and only for new applications loaded in the service."
In response, Microsoft officials wrote: "We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications. Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximized customer protection with minimized customer disruption." Microsoft went on to say that the initial fix in June "mitigated the issue for the majority of customers" and "no customer action is required."

In a separate email, Yoran responded: "It now appears that it's either fixed, or we are blocked from testing. We don't know the fix, or mitigation, so hard to say if it's truly fixed, or Microsoft put a control in place like a firewall rule or ACL to block us. When we find vulns in other products, vendors usually inform us of the fix so we can validate it effectively. With Microsoft Azure that doesn't happen, so it's a black box, which is also part of the problem. The 'just trust us' lacks credibility when you have the current track record."
It's funny. Laugh.

Excel's Esports Revolution is Coming Back To ESPN This Week (theverge.com) 24

The Excel World Championship is coming back to ESPN this week. On Friday morning at 7AM ET, as part of ESPN's annual "The Ocho" event, a few of the world's foremost Excel experts will battle to solve puzzles on the biggest stage in sports. From a report: The Ocho is an ESPN event designed to show off otherwise un-televised sports -- Excel is on the docket alongside "2023 Slippery Stairs," the "Pillow Fight Championship," and competitions in everything from belt-sanding to sign spinning -- but it's still a big deal. When competitive Excel showed up on the network last year, the sport found a whole new audience. More than 800,000 people have since watched the full 2.5-hour competition on YouTube (ESPN showed a 30-minute edit of the battle), and the folks who started the World Championship say it changed the event's trajectory forever.
Microsoft

Microsoft Accidentally Leaks Internal Utility for Testing New Windows 11 Features (arstechnica.com) 40

An anonymous reader shares a report: When Microsoft releases new test builds of Windows, there are usually a handful of features that are announced but only actually enabled for a small subset of testers. Sometimes it's because the company is A/B testing a couple of different versions of the same thing or because Microsoft wants to roll out major changes to a few users before rolling them out to everyone. Users normally have little control over whether new features actually appear in their Windows beta installs, but Microsoft has internal software called StagingTool that its own developers can use to switch things on and off themselves.

And now StagingTool has leaked to the public, thanks to a "bug bash" the company is running this week to find and fix problems before the next big batch of new Windows features releases this fall. As reported by The Verge, some bug bash participants were sent on "quests" that explicitly mentioned using the StagingTool to turn on specific features. Those quests and the tool itself have since been removed from Microsoft's servers, but StagingTool is already being freely distributed among Windows enthusiasts who want more control over the features they see.

Hardware

Water-Soluble Circuit Boards Could Cut Carbon Footprints By 60 Percent (engadget.com) 108

German semiconductor maker Infineon Technologies AG announced that it's producing a printed circuit board (PCB) that dissolves in water. Engadget reports: Jiva's biodegradable PCB is made from natural fibers and a halogen-free polymer with a much lower carbon footprint than traditional boards made with fiberglass composites. A 2022 study by the University of Washington College of Engineering and Microsoft Research saw the team create an Earth-friendly mouse using a Soluboard PCB as its core. The researchers found that the Soluboard dissolved in hot water in under six minutes. However, it can take several hours to break down at room temperature.

In addition to dissolving the PCB fibers, the process makes it easier to retrieve the valuable metals attached to it. "After [it dissolves], we're left with the chips and circuit traces which we can filter out," said UW assistant professor Vikram Iyer, who worked on the mouse project. The video [here] shows the Soluboard dissolving in a frying pan with boiling water. "Adopting a water-based recycling process could lead to higher yields in the recovery of valuable metals," said Jonathan Swanston, CEO and co-founder of Jiva Materials. Jiva says the board has a 60 percent smaller carbon footprint than traditional PCBs -- specifically, it can save 10.5 kg of carbon and 620 g of plastic per square meter of PCB.

XBox (Games)

Microsoft Now Offers Xbox Wireless Controller Replacement Parts For DIY Repairs (neowin.net) 28

Microsoft is extending the repairability program it introduced for its Surface PC products to include replacement parts for its Xbox Wireless Controller and Xbox Elite Controller Series 2 products. Neowin reports: The page on the Microsoft Store site shows that replacement parts are available for the top case for both versions of the controller, along with replacement buttons. In addition, Microsoft is selling Replacement Input PCBA boards for those Xbox controllers, along with the Replacement PCBA and Motor Assembly parts as well. The parts do come with a one-year warranty.

In a new support page, Microsoft makes it clear that these parts should only be purchased and used for Xbox controllers that are out of their normal warranty period. On another support page, the company adds: "These types of repairs require moderate technical skill, and are suited for enthusiasts, professionals, or those with prior experience in electronic disassembly. If this is your first attempt at performing a repair, use caution and follow our safety recommendations and step-by-step instructions."

Microsoft also says that certain tools, which are not directly sold by the company, will be needed to replace and repair the controllers. They include a plastic pry tool, TR8 and T5 Torx screwdriver bits and plastic tweezers. Microsoft does offer PDF files (PDF) and even offers YouTube video tutorials for repairing the Xbox Wireless Controller and the Xbox Elite Wireless Controller Series 2.

IT

Windows 11 Getting Multiple Monitor Refresh Rate Improvements (theverge.com) 39

Microsoft is making it a lot more convenient to use multiple high refresh rate monitors with Windows 11. From a report: The software giant has started testing a Windows 11 update that automatically adjusts refresh rates on multiple monitors depending on what content is being displayed, which should improve power usage and could even result in some GPUs spinning up their fans less often. "We have improved refresh rate logic to allow different refresh rates on different monitors, depending on the refresh rate for each monitor and content shown on the screen," explains Microsoft in a Windows Insider blog from last week. "This will help most with refresh rate-dependent multitasking, like playing a game and watching a video at the same time." If you have multiple monitors that support high refresh rates then running them at their full potential often increases the power draw of your GPU. Nvidia RTX 30- and 40-series Founders Edition cards also have a zero RPM mode, which will keep the fans at zero even when you're watching video content on a single monitor. If you add a second high refresh rate display, this often disables the zero RPM mode and means the GPU keeps its fans spinning if you have both monitors at high refresh rates.
AI

Companies Double Down on AI in June-Quarter Analyst Calls (reuters.com) 12

It's a high bar, but companies reporting second-quarter earnings in recent weeks have talked up artificial intelligence even more than in the previous quarter. From a report: S&P 500 companies that led in discussion of AI during quarterly conference calls with analysts earlier this year have outdone themselves in their latest quarterly calls. Following Intel's report late on Thursday, executives and analysts on its call mentioned AI 58 times, up from 15 mentions in its previous call in April.

Intel so far has missed out on the boom in components for AI computing, and sales in its data center and AI business fell 15% in the second quarter. Intel is now rushing to catch up with Nvidia and other rivals whose chips enable the technology behind ChatGPT. A 6.6% surge in Intel's shares on Friday following its report was due to optimism about a recovery in weak demand for personal computers.

Participants on Alphabet's analyst call on Tuesday mentioned AI 62 times, up from 52 times three months ago. The same day, AI was mentioned 58 times on Microsoft's call, up from 35 times in its previous call. The recent surge in companies talking about their plans related to AI reflects Wall Street's recent overwhelming optimism about using generative AI and related technologies to offer new services and boost efficiency across a spectrum of industries. That has helped fuel a 37% surge in the Nasdaq this year and a 20% gain in the S&P 500.

Cloud

Building a Better Server? Oxide Computer Ships Its First Rack (thenewstack.io) 29

Oxide Computer Company spent four years working toward "The power of the cloud in your data center... bringing hyperscaler agility to the mainstream enterprise." And on June 30, Oxide finally shipped its very first server rack.

Long-time Slashdot reader destinyland shares this report: It's the culmination of years of work — to fulfill a long-standing dream. In December of 2019, Oxide co-founder Jess Frazelle had written a blog post remembering conversations over the year with people who'd been running their own workloads on-premises... "Hyperscalers like Facebook, Google, and Microsoft have what I like to call 'infrastructure privilege' since they long ago decided they could build their own hardware and software to fulfill their needs better than commodity vendors. We are working to bring that same infrastructure privilege to everyone else!"

Frazelle had seen a chance to make an impact with "better integration between the hardware and software stacks, better power distribution, and better density. It's even better for the environment due to the energy consumption wins."

Oxide CTO Bryan Cantrill sees real problems in the proprietary firmware that sits between hardware and system software — so Oxide's server eliminates the BIOS and UEFI altogether, and replaces the hardware-managing baseboard management controller (or BMC) with "a proper service processor." They even wrote their own custom, all-Rust operating system (named Hubris). On the Software Engineering Daily podcast, Cantrill says "These things boot like a rocket."

And it's all open source. "Everything we do is out there for people to see and understand..." Cantrill added. On the Changelog podcast Cantrill assessed its significance. "I don't necessarily view it as a revolution in its own right, so much as it is bringing the open source revolution to firmware."

Oxide's early funders include 92-year-old Pierre Lamond (who hired Andy Grove at Fairchild Semiconductor) — and customers who supported their vision. On Software Engineering Daily's podcast Cantrill points out that "If you're going to use a lot of compute, you actually don't want to rent it — you want to own it."
Idle

Bill Gates Launches New Podcast, Tells Seth Rogen About Smoking Pot (gatesnotes.com) 35

Thursday Bill Gates launched a new podcast called "Unconfuse Me." ("What do you do when you can't solve a problem? I like to talk to smart people who can help me understand the subject better...") Join me on my learning journey as I talk to brilliant guests about Alzheimer's, artificial intelligence, the future of education, plant-based meat, the evolution of language, marijuana, and more.
The first words of the first episode are a clip of Seth Rogen saying "Edibles? I don't mess with that. Snoop Dogg doesn't eat edibles. Like, that's how wild the variation on edibles is, and I do not recommend this."

Then Bill Gates' voice says "I love learning, even if a topic's complex, I like to see if I can figure it out..." People reports that the 67-year-old Microsoft co-founder and former CEO also spoke to Rogen and his wife Lauren Miller about the future of Alzheimer's research: With studies showing that "40% of cases" are preventable, according to Rogen, the "five brain healthy habits" in their framework are important: sleep, exercise, nutrition, mental fitness and emotional well-being.

He even confessed that his being a celebrity encourages people to better care for themselves. "I taught this coursework of brain health, and we've also had a neurologist teach the coursework, and we scientifically proved that people retain information better from celebrities than doctors, which is it's a heavy burden," he joked, adding that this information "was published..."

Miller also shared that she goes to a neurologist and the pair are both "open" with their doctors about their habits, and "no one" in the medical world has told them that smoking weed is bad for their brain health. They even believe its benefits of boosting hunger and relieving stress might be good for preventing Alzheimer's. "It's not federally legal, so there isn't money to fund research," Miller said.

Gates later concluded the podcast with his own funny anecdote, laughing about the first time he ever smoked weed — back when it was a "rebellious" thing to do. "In school out of the, say 105 people in my class I think, there were three or four who didn't smoke," he said. "Because it was kind of a, 'Hey, I'm an adult! Hey I can break the rules!' But I will say, sometimes it's like, I guess I'm doing this to be cool. It wasn't so much smoking for pot's sake."

AI

LinkedIn Seems To Be Working on an AI 'Coach' for Job Applications (theverge.com) 14

LinkedIn appears to be developing a new AI tool that can help ease the effectively robotic task of looking for and applying to jobs. From a report: According to a new leak, the Microsoft-owned company seems to have a new "LinkedIn Coach" assistant in testing that could support you through the application processes, teach you new skills, and help you network on your LinkedIn network. The news comes from app researcher Nima Owji, who uncovers features from various developers that haven't been deployed yet. In an email, LinkedIn spokesperson Amanda Purvis tells The Verge the company is "always exploring" new ways to improve user experience on the platform. Purvis adds that the company "will have more to share soon."
EU

EU Opens Antitrust Probe Into Microsoft Over Teams Bundling (cnbc.com) 54

European Union regulators on Thursday opened an antitrust investigation into Microsoft's bundling of its video and chat app Teams with other Office products. From a report: The European Commission, the EU's executive arm, said that these practices may constitute anti-competitive behavior. It is the first antitrust investigation by the EU into Microsoft in over a decade. "The Commission is concerned that Microsoft may grant Teams a distribution advantage by not giving customers the choice on whether or not to include access to that product when they subscribe to their productivity suites and may have limited the interoperability between its productivity suites and competing offerings," the EU regulators said on Thursday in a press release. In other words, the EU is concerned Microsoft is not giving customers the choice to not buy Teams when they subscribe to the company's Office 365 product. In doing so, Microsoft might be stopping other companies from competing in the workplace messaging and video app space.
AI

Facing More Nimble Rivals, OpenAI Won't Bend (semafor.com) 17

Customers have asked to run OpenAI models on non-Microsoft cloud services or on their own local servers, but OpenAI has no immediate plans to offer such options, Semafor reported Wednesday, citing people familiar with the matter. From the report: That means there's one area where rivals of the ChatGPT creator have an edge: flexibility. To use OpenAI's technology, paying customers have two choices: They can go directly through OpenAI or through investment partner Microsoft, which has inked a deal to be the exclusive cloud service for OpenAI.

Microsoft will not allow OpenAI's models to be available on other cloud providers, according to a person briefed on the matter. Companies that exclusively use rivals, such as Amazon Web Services, Google Cloud or Oracle, can't be OpenAI customers. But Microsoft would allow OpenAI models to be offered "on premises" in which customers build their own servers. Creating such solutions would pose some challenges, particularly around OpenAI's intellectual property. But it is technically feasible, this person said.

AI

Top Tech Companies Form Group Seeking To Control AI (ft.com) 33

Some of the world's most advanced artificial intelligence companies have formed a group to research increasingly powerful AI and establish best practices for controlling it, as public anxiety and regulatory scrutiny over the impact of the technology increases. From a report: On Wednesday, Anthropic, Google, Microsoft and OpenAI launched the Frontier Model Forum, with the aim of "ensuring the safe and responsible development of frontier AI models." In recent months, the US companies have rolled out increasingly powerful AI tools that produce original content in image, text or video form by drawing on a bank of existing material. The developments have raised concerns about copyright infringement, privacy breaches and that AI could ultimately replace humans in a range of jobs.

"Companies creating AI technology have a responsibility to ensure that it is safe, secure, and remains under human control," said Brad Smith, vice-chair and president of Microsoft. "This initiative is a vital step to bring the tech sector together in advancing AI responsibly and tackling the challenges so that it benefits all of humanity." Membership of the forum is limited only to the handful of companies building "large-scale machine-learning models that exceed the capabilities currently present in the most advanced existing models," according to its founders.

Microsoft

Meta, Microsoft and Amazon Team Up on Maps Project To Crack Apple-Google Duopoly (cnbc.com) 59

Google and Apple dominate the market for online maps, charging mobile app developers for access to their mapping services. The other mega-cap tech companies are joining together to help create another option. From a report: A group formed by Meta, Microsoft and Amazon Web Services, along with TomTom, is releasing data that could enable companies to build their own maps, without having to rely on Google or Apple. The Overture Maps Foundation, which was established late last year, captured 59 million "points of interest," such as restaurants, landmarks, streets and regional borders. The data has been cleaned and formatted so it can be used for free as the base layer for a new map application.

Meta and Microsoft collected and donated the data to Overture, according to Marc Prioleau, executive director of the OMF. Data on places is often difficult to collect and license, and building map data requires lots of time and staff to gather and clean it, he told CNBC in an interview. "We have some companies that, if they wanted to invest to build the map data, they could," Prioleau said. Rather than spending that kind of money, he said, companies were asking, "Can we just get collaboration around the open base map?" Overture is aiming to establish a baseline for maps data so that companies can use it to build and operate their own maps.

Movies

Code.org Embraces Barbie 9 Years After Helping Take Her Down (tynker.com) 75

Long-time Slashdot reader theodp writes: The number one movie in North America is Warner Bros. Discovery's Barbie, which Deadline reports has teamed up with Oppenheimer to fuel a mind-blowing $300M+ box office weekend. ["Oppenheimer Shatters Expectations with $80 Million Debut," read the headline at Variety.]

Now it seems everybody is trying to tap into Barbie buzz, including Microsoft's Xbox [which added Barbie and Ken's cars to Forza Horizon 5] and even Microsoft-backed education nonprofit Code.org. ("Are your students excited about Barbie The Movie? Have them try an HourOfCode [programming game] with Barbie herself!").

The idea is to inspire young students to become coders. But as Code.org shares Instagram images of a software developer Barbie, Slashdot reader theodp remembers when, nine years ago, Code.org's CEO "took to Twitter to blast Barbie and urge for her replacement." They'd joined a viral 2014 Computer Engineer Barbie protest that arose in response to the publication of Barbie F***s It Up Again, a scathing and widely reported-on blog post that prompted Mattel to pull the book Barbie: I Can Be a Computer Engineer immediately from Amazon. This may have helped lead to Barbie's loss of her crown as the most popular girls' toy in the ensuing 2014 holiday season to Disney's Frozen princesses Elsa and Anna, and got the Mattel exec who had to apologize for Computer Engineer Barbie called to the White House for a sit down a few months later. (Barbie got a brainy makeover soon thereafter)...

The following year, Disney-owned Lucasfilm and Code.org teamed up on Star Wars: Building a Galaxy with Code, a signature tutorial for the 2015 Hour of Code. Returning to a Disney princess theme in 2016, Disney and Code.org revealed a new Hour of Code tutorial featuring characters from the animated film Moana just a day ahead of its theatrical release. It was later noted that Moana's screenwriters included Pamela Ribon, who penned the 2014 Barbie-blasting blog post that ended Barbie's short reign as the Hour of Code role model of choice for girls.

Interestingly, Ribon seems to bear no Barbie grudges either, tweeting on the day of the Barbie movie release, "I was like holy s*** can't wait to see it."

To be fair, the movie's trailer promises "If you hate Barbie, this movie is for you," in a deconstruction where Barbie is played by D.C. movies' "Harley Quinn" actress Margot Robbie (Suicide Squad, Birds of Prey), whose other roles include Tonya Harding and the home-wrecking second wife in The Wolf of Wall Street.

Open Source

'Meta's Newly Released Large Language Model Llama-2 Is Not Open Source' 27

Earlier this week, Meta announced it has teamed up with Microsoft to launch Llama 2, its "open-source" large language model (LLM) that uses artificial intelligence to generate text, images, and code. In an opinion piece for The Register, long-time ZDNet contributor and technology analyst, Steven J. Vaughan-Nichols, writes: "Meta is simply open source washing an open but ultimately proprietary LLM." From the report: As Amanda Brock, CEO of OpenUK, said, it's "not an OSI approved license but a significant release of Open Technology ... This is a step to moving AI from the hands of the few to the many, democratizing technology and building trust in its use and future through transparency." And for many developers, that may be enough. [...] But the devil is in the details when it comes to open source. And there, Meta, with its Llama 2 Community License Agreement, falls on its face. As The Register noted earlier, the community agreement forbids the use of Llama 2 to train other language models; and if the technology is used in an app or service with more than 700 million monthly users, a special license is required from Meta. Stefano Maffulli, the OSI's executive director, explained: "While I'm happy that Meta is pushing the bar of available access to powerful AI systems, I'm concerned about the confusion by some who celebrate LLaMa 2 as being open source: if it were, it wouldn't have any restrictions on commercial use (points 5 and 6 of the Open Source Definition). As it is, the terms Meta has applied only allow some commercial use. The keyword is some."

Maffulli then dove in deeper. "Open source means that developers and users are able to decide for themselves how and where to use the technology without the need to engage with another party; they have sovereignty over the technology they use. When read superficially, Llama's license says, 'You can't use this if you're Amazon, Google, Microsoft, Bytedance, Alibaba, or your startup grows as big.' It may sound like a reasonable clause, but it also implicitly says, 'You need to ask us for permission to create a tool that may solve world hunger' or anything big like that." Stephen O'Grady, open source licensing expert and RedMonk co-founder, explained it like this: "Imagine if Linux was open source unless you worked at Facebook." Exactly. Maffulli concluded: "That's why open source has never put restrictions on the field of use: you can't know beforehand what can happen in the future, good or bad."

The OSI isn't the only open-source-savvy group that's minding the Llama 2 license. Karen Sandler, lawyer and executive director at the Software Freedom Conservancy, dug into the license's language and found that "the Additional Commercial Terms in section 2 of the license agreement, which is a limitation on the number of users, makes it non-free and not open source." To Sandler, "it looks like Meta is trying to push a license that has some trappings of an open source license but, in fact, has the opposite result. Additionally, the Acceptable Use Policy, which the license requires adherence to, lists prohibited behaviors that are very expansively written and could be very subjectively applied -- if you send out a mass email, could it be considered spam? If there's reasonably critical material published, would it be considered defamatory?" Last, but far from least, she "didn't notice any public drafting or comment process for this license, which is necessary for any serious effort to introduce a new license."
