Some companies that pay for OpenAI's artificial intelligence have been looking to cut costs with free, open-source alternatives. But these AI customers are realizing that oftentimes open-source tech can actually be more expensive than buying from OpenAI. The Information: Take Andreas Homer and Ebby Amir, co-founders of Cypher, an app that helps people create virtual versions of themselves in the form of a chatbot. Industry excitement this summer about the release of Llama 2, an open-source large language model from Meta Platforms, prompted the duo to test it for their app, leading to a $1,200 bill in August from Google Cloud, Cypher's cloud provider. Then they tried using GPT-3.5 Turbo, an OpenAI model that underpins services such as ChatGPT, and were surprised to see that it cost around $5 per month to handle the same amount of work.

Baseten, a startup that helps developers use open-source LLMs, says its customers report that using Llama 2 out of the box costs 50% to 100% more than for OpenAI's GPT-3.5 Turbo. The open-source option is cheaper only for companies that want to customize an LLM by training it on their data; in that case, a customized Llama 2 model costs about one-fourth as much as a customized GPT-3.5 Turbo model, Baseten found. Baseten also found that OpenAI's most advanced model, GPT-4, is about 15 times more expensive than Llama 2, but typically it's only needed for the most advanced generative AI tasks like code generation rather than the ones most large enterprises want to incorporate.

Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. From a report: "From September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 Okta customers, or less than 1% of Okta customers," Okta revealed. "Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks. The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 customers, 3 of whom have shared their own response to this event." The three Okta customers that already disclosed they were targeted due to the company's October security breach are 1Password, BeyondTrust, and Cloudflare. They all notified Okta of suspicious activity after detecting unauthorized attempts to log into in-house Okta administrator accounts.

Alphabet's Google and property developer Lendlease Group have ended an agreement to build four projects in the San Francisco Bay Area as the technology firm reviews its real estate footprint. From a report: Lendlease said it will be compensated for its work during the planning process for the projects, which are located in San Jose, Sunnyvale and Mountain View, according to a statement Thursday. "The decision to end these agreements followed a comprehensive review by Google of its real estate investments, and a determination by both organizations that the existing agreements are no longer mutually beneficial given current market conditions," Sydney-based Lendlease said in the statement.

The projects would have totaled more than 15 million square feet (1.4 million square meters) of office, residential, retail, hospitality and community development space. The projects were also slated to bring more housing to California's tight residential market. Google still plans to work with developers and capital partners to move the projects forward, according to a spokesperson. "As we've shared before, we've been optimizing our real estate investments in the Bay Area, and part of that work is looking at a variety of options to move our development projects forward and deliver on our housing commitment," Alexa Arena, a senior director of development at Google, said in an emailed statement.

An anonymous reader quotes a report from Ars Technica: There's plenty of fear, uncertainty, and doubt about electric cars and the potential risk of battery fires, but the regular old 12 V battery is responsible for Toyota issuing a recall for more than 1.8 million cars this week. Toyota says the problem is due to differences in the sizes of replacement batteries -- some have smaller tops than others, and if a smaller-top battery isn't held in properly by its clamp, the battery could move under hard cornering, letting the positive terminal contact the clamp, causing a short-circuit and possible fire risk.

The problem affects 2013-2018 RAV4s -- about 1,854,000 of them, according to Toyota. The official National Highway Traffic Safety Administration safety recall notice has not yet been posted, but NHTSA's Office of Defects Investigation has had an open case looking into the problem since February 2021, after 11 complaints about "non-crash thermal events" starting in the engine bays of RAV4s. Toyota says that it's working on a new hold-down clamp, battery tray, and positive terminal cover. Once those are ready, the automaker will replace those components for free. The automaker says owners should be contacted about the recall by late December.

An anonymous reader quotes a report from 9to5Google: Coming out of the ongoing Google antitrust trial, an internal Apple presentation has surfaced (via The Verge) in which the company called Android a "massive tracking device." The presentation in question was regarding a push within Apple to start "Competing on Privacy." The slides, made in January 2013, dove into how Apple's competitors (Google, Facebook, Amazon, and Microsoft primarily) handled privacy matters and user data. A "privacy timeline" includes some 2000s and 2010s events that made headlines regarding privacy, such as Google's Street View cars recording private Wi-Fi networks and Instagram's aim to use user photos in its ads, as well as Google's privacy policy move to combining user data across services. Apple went on to compare how its products handle privacy differently from Google and others.

The presentation culminates in the full-page statement [...] where Apple says that "Android is a massive tracking device." The slideshow is partially redacted and abridged, which leaves out the context of this statement, but it's certainly a bold way to talk about a competitor. Of course, all mobile devices do a whole lot of tracking, whether it's Android or iOS.

An anonymous reader shares a report: Microsoft has had a rough few years of cybersecurity incidents. It found itself at the center of the SolarWinds attack nearly three years ago, one of the most sophisticated cybersecurity attacks we've ever seen. Then, 30,000 organizations' email servers were hacked in 2021 thanks to a Microsoft Exchange Server flaw. If that weren't enough already, Chinese hackers breached US government emails via a Microsoft cloud exploit earlier this year. Something had to give.

Microsoft is now announcing a huge cybersecurity effort, dubbed the Secure Future Initiative (SFI). This new approach is designed to change the way Microsoft designs, builds, tests, and operates its software and services today. It's the biggest change to security efforts inside Microsoft since the company announced its Security Development Lifecycle (SDL) in 2004 after Windows XP fell victim to a huge Blaster worm attack that knocked PCs offline in 2003. That push came just two years after co-founder Bill Gates had called on a trustworthy computing initiative in an internal memo.

Microsoft now plans to use automation and AI during software development to improve the security of its cloud services, cut the time it takes to fix cloud vulnerabilities, enable better security settings out of the box, and harden its infrastructure to protect against encryption keys falling into the wrong hands. In an internal memo to Microsoft's engineering teams today, the company's leadership has outlined its new cybersecurity approach. It comes just months after Microsoft was accused of "blatantly negligent" cybersecurity practices related to a major breach that targeted its Azure platform. Microsoft has faced mounting criticism of its handling of a variety of cybersecurity issues in recent years.

Mozilla Foundation's decision to switch the search engine built into its Firefox browser to Yahoo from Google was a "failed" bet that degraded the user experience, the company's chief executive said. From a report: Chief Executive Officer Mitchell Baker said Mozilla decided to switch to Yahoo's technology in 2014 after CEO Marissa Mayer took over and promised "to make a big bet on us."

"That bet failed," Baker said in a videotaped interview from 2022 played Wednesday in Google's defense during the Justice Department's antitrust trial. "The search experience that Yahoo was providing to Firefox users deteriorated." The Mozilla example -- the only situation in which a browser has switched the default search engine provider -- has been cited by both Google and the Justice Department to support their arguments in the case. [...] Yahoo agreed to pay Mozilla a minimum of $375 million -- more than the $276 million a year that Google was offering, Baker said. It also agreed to reduce the number of ads and offer less user tracking than Google, but over time Yahoo reneged on that and began showing more advertising, she added.

Ivan Mehta reports via TechCrunch: Instagram head Adam Mosseri said today that a Threads API is in the works. This will give developers a chance to create different apps and experiences around Threads. Mosseri was responding to journalist Casey Newton, who was conversing with a user about a TweetDeck-like experience for Threads. The Instagram head expressed apprehension about publishers posting a bunch of content and in turn, overshadowing creator content.

"We're working on it. My concern is that it'll mean a lot more publisher content and not much more creator content, but it still seems like something we need to get done," Mosseri said in a post. Later, an engineer working on Threads said that the team would start with endpoints for publishing content for the API. [...]

While Mosseri is concerned about publishers pushing an overwhelming amount of content through API integration, creators also need different tools to post various types of content. It also makes it easier for developers to design features suited for a specific platform if there is the option for an API integration.

An anonymous reader shares a report: The former head of search at Alphabet's Google told colleagues in February 2019 that his team was "getting too involved with ads for the good of the product and company," according to emails shown at the Justice Department's landmark antitrust trial against the search giant. Google maintains a firewall between its ads and search teams so that its engineers can innovate on Google's search engine, unsullied by the influence of the team whose goal is to maximize advertising revenue. But in February 2019, testimony at the antitrust trial revealed Tuesday, Google internally declared a "Code Yellow" amid concerns the company might not meet its goals for search revenue for the quarter.

As part of the emergency, which lasted for seven weeks, engineers from Google's search and Chrome browser teams were reassigned to figure out why user queries had slowed, according to the documents. Ben Gomes, Google's former head of search, was called by the company in its defense to show that it had made various advancements in search, particularly in mobile. However, cross examination by Justice Department lawyer David Dahlquist revealed the tensions between Gomes' search team and its advertising counterparts. The questioning sought to undermine Google's contentions that its search team focuses solely on improving the user experience and has sometimes been pulled into the advertising side, where the Justice Department alleges Google has been able to raise prices without pushback.

Microsoft has decided to axe the Windows Insider MVP program, which is now scheduled to be discontinued at the end of the year. From a report: A Microsoft spokesperson told The Register: "In an effort to consolidate MVP-style programs across Microsoft, we have decided to retire the Windows Insider MVP Program effective December 31, 2023. All our existing Windows Insider MVPs will be nominated to participate in the Microsoft MVP Program which has similar benefits and opportunities to continue networking with us and interacting with many other Microsoft MVPs globally."

The Windows Insider MVPs are usually enthusiasts of Microsoft's wares who are rewarded for their loyalty with access to the engineering teams, complimentary subscriptions to products such as Visual Studio Enterprise and Office 365, as well as the odd paperweight or two. A nomination must come from another MVP or a Microsoft employee to achieve this coveted status. An application is then scrutinized, and if one has demonstrated sufficient passion for all things Microsoft, the nod is given. Microsoft has plenty of Insider programs where users can play with pre-release versions of the company's software.

One of the world's top bullion banks is bringing blockchain to the antiquated London gold market. From a report: HSBC has launched a platform that uses distributed ledger technology to tokenize ownership of physical gold held in its London vault, Mark Williamson, global head of FX and commodities partnerships and propositions, said in an interview. The new system creates digital tokens that represent gold bars, which can then be traded through the bank's single-dealer platform. [...] What sets HSBC apart is its clout in the bullion market. It is one of the world's largest custodians of precious metals and one of four clearers on the London gold market, where over $30 billion of the metal changes hands every day.

Around 698,000 gold bars are stored in vaults in the Greater London area, valued at around $525 billion, according to the London Bullion Market Association. Despite its vast size, London's gold market still relies heavily on manual record keeping and trades entirely over-the-counter. Using blockchain technology makes the process "quicker and less cumbersome" as clients can more easily track the gold they own through the platform, down to the serial number of each bar, Williamson said. HSBC plans to eventually expand its system to include other precious metals, he added.

An anonymous reader shares a report: Not all Google searches make Google money. Google often says that it only shows ads on about 20 percent of queries, the ones it calls "commercial queries." This week, during the US v. Google antitrust trial, we got a rare glimpse at a closely guarded secret: which search terms make the most money. The list is only for the week of September 22nd, 2018, and it is the list of top queries ordered by revenue and nothing else. Still, we've never seen anything quite like this before, and the list was only made public after long deliberations from Judge Amit Mehta, who has, over the course of the trial, begun to push both sides to be more public with information and data like this.

Okay, here are the top 20 queries for that week ordered by revenue: iphone 8, iphone 8 plus, auto insurance, car insurance, cheap flights, car insurance quotes, direct tv, online colleges, at&t, hulu, iphone, uber, spectrum, comcast, xfinity, insurance quotes, free credit report, cheap car insurance, aarp, and lifelock.

Twenty-eight countries including the US, UK and China have agreed to work together to ensure artificial intelligence is used in a "human-centric, trustworthy and responsible" way, in the first global commitment of its kind. From a report: The pledge forms part of a communique signed by major powers including Brazil, India and Saudi Arabia, at the inaugural AI Safety Summit. The two-day event, hosted and convened by British prime minister Rishi Sunak at Bletchley Park, started on Wednesday. Called the Bletchley Declaration, the document recognises the "potential for serious, even catastrophic, harm" to be caused by advanced AI models, but adds such risks are "best addressed through international co-operation." Other signatories include the EU, France, Germany, Japan, Kenya and Nigeria.

The communique represents the first global statement on the need to regulate the development of AI, but at the summit there are expected to be disagreements about how far such controls should go. Country representatives attending the event include Hadassa Getzstain, Israeli chief of staff at the ministry of innovation, science and technology, and Wu Zhaohui, Chinese vice minister for technology. Gina Raimondo, US commerce secretary, gave an opening speech at the summit and announced a US safety institute to evaluate the risks of AI. This comes on the heels of a sweeping executive order by President Joe Biden, announced on Monday, and intended to curb the risks posed by the technology.

LinkedIn, the business-focused social network owned by Microsoft, on Wednesday said it now has more than 1 billion members and is adding more AI features for paying users. From a report: Crossing the billion-users mark puts LinkedIn -- where members maintain a resume-like profile of their education, work experience and professional skills -- in the top-tier of social media networks that include rivals such as Meta Platforms. About 80% of recent members are signing up from outside of the United States, the company has said.

LinkedIn has a free tier of membership but also offers subscriptions. Members of its $39.99-a-month tier will get new AI features that can tell a user, who may be plowing through dozens of job postings, whether they're a good candidate based on the information in their profile. The system can also recommend profile changes to make the user more competitive for a job.

WeWork plans to file for bankruptcy as early as next week, Reuters reported Tuesday, citing a source familiar with the matter, as the SoftBank Group-backed company struggles with a massive debt pile and hefty losses. From the report: Shares of the flexible workspace provider fell 32% in extended trading after the Wall Street Journal first reported the news. They have fallen roughly 96% this year. [...] The company had net long-term debt of $2.9 billion as of June end and more than $13 billion in long-term leases, at a time when rising borrowing costs are hurting the commercial real estate sector. WeWork's filing for bankruptcy would mark a stunning reversal of fortune for the company that was privately valued at $47 billion in 2019 and a black spot for investor SoftBank that sunk billions.

Google Registry has added domains ending in ".ing" -- "a situation seem/ing ripe for exceed.ing amounts of wordplay," reports 9to5Google. From the report: Google Registry -- which is different from Google Domains, the service Google is sell.ing off to SquareSpace -- tries to push the boundaries of domain names by launch.ing options like ".dev," ".app," and ".meme" (soon). After first be.ing announced in August, Google Registry is officially open.ing registration of .ing domains through partner companies like GoDaddy and 101Domain. As you might expect, the new domain end.ing is meant to inspire a sense of action, as exemplified by the first wave of companies debut.ing new domain names:

If you want a .ing domain of your own, you can do so from the official ".ing" site, but you'll be pay.ing an extra one-time fee dur.ing the Early Access Period, which runs until December 5, 2023, with fees decreas.ing on a "daily schedule." Register.ing during "Phase 1" will set you back over $1 million -- quite a lot of cha-ch.ing -- while "Phase 9" drops down as low as $144.99.

Emma Roth reports via The Verge: YouTube is broadening its efforts to crack down on ad blockers. The platform has "launched a global effort" to encourage users to allow ads or try YouTube Premium, YouTube communications manager Christopher Lawton says in a statement provided to The Verge. If you run into YouTube's block, you may see a notice that says "video playback is blocked unless YouTube is allowlisted or the ad blocker is disabled." It also includes a prompt to allow ads or try YouTube Premium. You may get prompts about YouTube's stance on ad blockers but still be able to watch a video, though, for one Verge staffer, YouTube now fully blocks them nearly every time.

YouTube confirmed that it was disabling videos for users with ad blockers in June, but Lawton described it as only a "small experiment globally" at the time. Now, YouTube has expanded this effort. Over the past several weeks, more users with ad blockers installed have found themselves unable to watch YouTube videos, with a post from Android Authority highlighting the increase in reports. Lawton maintains that the "use of ad blockers" violates the platform's terms of service, adding that "ads support a diverse ecosystem of creators globally and allow billions to access their favorite content on YouTube."

An anonymous reader quotes a report from TorrentFreak: The head of the Russian department responsible for identifying threats to the "stability, security and integrity" of the internet, has revealed the extent of the Kremlin's VPN crackdown. Former FSO officer Sergei Khutortsev, a central figure in Russia's 'sovereign internet' project, confirmed that 167 VPN services are now blocked along with over 200 email services. Russia is also reported as stepping up measures against protocols such as OpenVPN, IKEv2 and WireGuard. [...]

An in-depth report published by TheIns.ru has details of the monitoring/blocking system reportedly deployed in Russia, how much it costs (4.3 billion rubles/$43 million in 2020, 24.7 billion rubles/$247 million for 2022-2024), and the names of the companies supplying the components. The publication also obtained original documents that apparently show some of the protocols Russia initially intended to block. They include older VPN protocols IPSec, L2TP, and PPTP, plus the BitTorrent protocol still widely used today. The full report on the system, which reveals the use of Intel chips/chipsets in 965 servers manufactured by Huawei and already purchased by Russia, plus another 2400+ servers for 2023/24, is available here.

China's popular social media platforms are requiring "self-media" accounts with over 500,000 followers to disclose real-name information, prompting concerns over increased doxxing and privacy among some users. Reuters reports: China's most popular social media platforms on Tuesday announced that "self-media" accounts with more than 500,000 followers will be asked to display real-name information, a controversial measure that has prompted concerns over doxxing and privacy among some users. "Self-media" includes news and information not necessarily approved by the government, a genre of online content regulators have cracked down on in recent years to "purify" China's cyberspace. [...]

Rumors of the new policy had prompted lively debate among users. Some, like former state media editor Hu Xijin, have defended the measure as necessary in order to force influential accounts to use more responsible speech. Others, however, have expressed concerns that the measure would make doxxing easier and platforms would further remove online users' anonymity in the future.

The new measures will remove the anonymity of thousands of influencers on social media platforms that are used daily by hundreds of millions of Chinese. Several of the platforms said that accounts with over 1 million followers would be affected first and those that do not comply would face restrictions in their online traffic and income as a consequence.

An anonymous reader quotes a report from Ars Technica: Android is slowly entering the RISC-V era. So far we've seen Google say it wants to give the up-and-coming CPU architecture "tier-1" support in Android, putting RISC-V on equal footing with Arm. Qualcomm has announced the first mass-market RISC-V Android chip, a still-untitled Snapdragon Wear chip for smartwatches. Now Google has announced a timeline for developer tools via the Google Open Source Blog. The last post is titled "Android and RISC-V: What you need to know to be ready."

Getting the Android OS and app ecosystem to support a new architecture is going to take an incredible amount of work from Google and developers, and these tools are laying the foundation for that work. First up, Google already has the "Cuttlefish" virtual device emulator running, including a gif of it booting up. This isn't the official "Android Emulator" -- which is targeted at app developers doing app development -- Cuttlefish is a hardware emulator for Android OS development. It's the same idea as the Android Emulator but for the bottom half of the tech stack -- the kernel, framework, and hardware bits. Cuttlefish lets Google and other Android OS contributors work on a RISC-V Android build without messing with an individual RISC-V device. Google says it's working well enough now that you can download and emulate a RISC-V device today, though the company warns that nothing is optimized yet.

The next step is getting the Android Emulator (for app developers) up and running, and Google says: "By 2024, the plan is to have emulators available publicly, with a full feature set to test applications for various device form factors!" The nice thing about Android is that most app code is written with no architecture in mind -- it's all just Java/Kotlin. So once the Android RunTime starts spitting out RISC-V code, a lot of app code should Just Work. That means most of the porting work will need to go into things written in the NDK, the native developer kit, like libraries and games. The emulator will still be great for testing, though.