The FAA has released final regulations for electric vertical takeoff and landing (eVTOL) vehicles, introducing a new category of aircraft for the first time in nearly 80 years. These rules provide a framework for pilot training and operational requirements, addressing industry concerns while aiming to support the future of advanced air mobility. The Verge reports: The FAA says these "powered-lift" vehicles will be the first completely new category of aircraft since helicopters were introduced in 1940. These aircraft will be used for a variety of services, including air taxis, cargo delivery, and rescue and retrieval operations. The final rules published today contain guidelines for pilot training as well as operational requirements regarding minimum safe altitudes and visibility. [...] Powered lift includes aircraft described by industry watchers as electric vertical takeoff and landing, or eVTOL. Using tilt rotors, eVTOL aircraft are designed to take off and land vertically like a helicopter and then transition into forward flight on fixed wings like a plane.

[...] A new pilot training and qualifications rule was needed because "existing regulations did not address this new category of aircraft, which can take off and land vertically like a helicopter and fly like an airplane during cruise flight," the FAA said. The rule also provides a "comprehensive framework" for certifying the initial group of powered-lift instructors and pilots. According to the agency, the rule would: "Makes changes to numerous existing regulations and establishes a Special Federal Aviation Regulation (SFAR) with new requirements to facilitate instructor and pilot certification and training. Applies helicopter operating requirements to some phases of flight and adopts a performance-based approach to certain operating rules. Allows pilots to train in powered-lift with a single set of flight controls; legacy rules require two flight controls -- one for the student and one for the instructor." "The regulation published today will ensure the U.S. continues to play a global leadership role in the development and adoption of clean flight," said JoeBen Bevirt, founder and CEO of Joby, in a statement. "Delivering the rules ahead of schedule is testament to the dedication, coordination and hard work of the rulemaking team."

More than 10,500 artists and creators -- including ABBA's Bjorn Ulvaeus, actress Julianne Moore, actors Kevin Bacon and F. Murray Abraham, as well as former Saturday Night Live star Kate McKinnon, author James Patterson and Radiohead's Thom Yorke -- signed a statement condemning AI companies' unauthorized use of creative works for training their models. The initiative, led by former AI executive Ed Newton-Rex, demands an end to unlicensed training data collection amid mounting legal challenges against tech firms. "The unlicensed use of creative works for training generative AI is a major, unjust threat to the livelihoods of the people behind those works, and must not be permitted," reads the statement.

The protest comes as major artists and publishers battle AI developers in court. Authors John Grisham and George R.R. Martin are suing OpenAI, while record labels Universal, Sony and Warner have filed lawsuits against AI music creators Suno and Udio. The signatories reject proposed "opt-out" schemes for content scraping, calling instead for explicit creator consent.

The UK parliament is considering clamping down on how young people use smartphones. A bill brought forward by a Labour member of parliament proposes both banning phones in schools and raising the age at which children can consent to social media companies using their data. Wired: Calls for smartphone bans have been growing in the UK, driven by fears that the devices are driving a decline in kids' mental health and ability to focus. Smartphone Free Childhood, a prominent pressure group inspired by Jonathan Haidt's book The Anxious Generation, calls for parents to delay getting smartphones for their children until they are at least 13. Florida has already passed a law that bans under-14s from holding social media accounts, and Australia is considering similar restrictions.

But academics warn that smartphone and social media bans are unlikely to be a catch-all solution to the problems facing young people. Experts on the impact of digital technologies argue that the legislation could end up shutting children out from the potential benefits of smartphones, and that more pressure should be put on social media companies to design better digital worlds for children. The latest proposed clampdown in the UK is thin on details, but the MP bringing the bill, Josh MacAllister, told the radio show Today that it would prevent social media companies making use of young peoples' data until they are 16. "We can protect children from lots of the addictive bad design features that come from social media," he said. The bill would also make a ban on phones in schools legally binding.

An anonymous reader shares a post: EVs are still winning. But they haven't won yet; only 4% of the global passenger car fleet, 23% of the bus fleet, and less than 1% of delivery trucks are electrified.

But at this point I think the writing is on the wall. The phenomenon of a superior technology displacing an older, inferior technology is not uncommon, and it generally looks like the EV transition is looking now. When a new technology passes a 5% adoption rate, it almost never turns out to be inferior to what came before; with EVs, that threshold has now been reached in dozens of countries.

In fact, we don't have to rely on trend-based forecasting to understand why EVs are just going to win. There are a number of fundamental factors that make EVs simply better than combustion vehicles. The longer time goes on, the more these inherent advantages will make themselves felt in the market.

The first of these is price. Currently, EVs often require government subsidies in order to be price-competitive with combustion cars. But batteries are getting cheaper and cheaper as we get better and better at building them. The cheaper batteries get, the smaller the subsidies required to get people to switch to EVs. Goldman Sachs reports that this crucial tipping point will be reached in about two years:

[...] Once batteries cross that tipping point, the EV revolution will take on its own momentum. It will simply be cheaper to buy an EV than a combustion car. People will gravitate toward the cheaper option, especially if it comes with other advantages. And in this case it does.

EVs' second advantage is convenience. Most EV owners will almost never have to fill their cars up at a station. This is because they will charge their cars at night, in their own home garages or driveway.

Democratic senators Elizabeth Warren, Ron Wyden, Richard Blumenthal and Representative Katie Porter are demanding the Justice Department prosecute tax preparation companies for allegedly sharing sensitive taxpayer data with Meta and Google through tracking pixels. The lawmakers' call follows a Treasury Inspector General audit confirming their earlier investigation into TaxSlayer, H&R Block, and Tax Act. The audit found multiple companies failed to properly obtain consent before sharing tax return information via advertising tools. Violations could result in one-year prison terms and $1,000 fines per incident, potentially reaching billions in penalties given the scale of affected users.

In a letter shared with The Verge, the lawmakers said: "Accountability for these tax preparation companies -- who disclosed millions of taxpayers' tax return data, meaning they could potentially face billions of dollars in criminal liability -- is essential for protecting the rule of law and the privacy of taxpayers," the letter reads. "We urge you to follow the facts and the conclusions of TIGTA and the IRS and to take appropriate action against any companies or individuals that have violated the law."

Companies hiring specialized AI talent are seeing better stock market returns, according to new Barclays research. Analysis shows firms with higher ratios of specialized AI roles to general IT positions outperformed the market, with the top quintile returning 31.78% since October 2023, beating the S&P 500 Equal Weighted index. The findings suggest that targeted recruitment of "wonky IT people" with specific skills in natural language processing, computer vision, and specialized frameworks like TensorFlow could be a subtle indicator of future stock performance, offering investors a new lens for identifying companies poised to capitalize on AI productivity gains.

Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country's federal law enforcement agency visited an employee's residence and asked them questions about the app and a particular user. 404 Media reports: Now Session will be maintained by an entity in Switzerland. The move signals the increasing pressure on maintainers of encrypted messaging apps, both when it comes to governments seeking more data on app users, as well as targeting messaging app companies themselves, like the arrest of Telegram's CEO in August. "Ultimately, we were given the choice between remaining in Australia or relocating to a more privacy-friendly jurisdiction, such as Switzerland. For the project to continue, it could not be centred in Australia," Alex Linton, president of the newly formed Session Technology Foundation (STF) which will publish the Session app, told 404 Media in a statement. The app will still function in Australia, Linton added. Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. "There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door," Linton said.

The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.

According to an internal Border Patrol memo, nearly one-third of the surveillance cameras along the U.S.-Mexico border don't work. "The nationwide issue is having significant impacts on [Border Patrol] operations," reads the memo. NBC News reports: The large-scale outage affects roughly 150 of the 500 cameras perched on surveillance towers along the U.S.-Mexico border. It was due to "several technical problems," according to the memo. The officials, who spoke on the condition of anonymity to discuss a sensitive issue, blamed outdated equipment and outstanding repair issues.

The camera systems, known as Remote Video Surveillance Systems, have been used since 2011 to "survey large areas without having to commit hundreds of agents in vehicles to perform the same function." But according to the internal memo, 30% were inoperable. It is not clear when the cameras stopped working.Two Customs and Border Protections officials said that some repairs have been made this month but that there are still over 150 outstanding requests for camera repairs. The officials said there are some areas that are not visible to Border Patrol because of broken cameras.

A Customs and Border Protection spokesperson said the agency has installed roughly 300 new towers that use more advanced technology. "CBP continues to install newer, more advanced technology that embrace artificial intelligence and machine learning to replace outdated systems, reducing the need to have agents working non-interdiction functions," the spokesperson said. The agency points the finger at the Federal Aviation Administration (FAA), which is responsible for servicing the systems and repairing the cameras. "The FAA, which services the systems and repairs the cameras, has had internal problems meeting the needs of the Border Patrol, the memo says, without elaborating on what those problems are," reports NBC News. While the FAA is sending personnel to work on the cameras, Border Patrol leaders are considering replacing them with a contractor that can provide "adequate technical support for the cameras."

Further reading: U.S. Border Surveillance Towers Have Always Been Broken (EFF)

Actor Nicolas Cage warned young performers about the dangers of AI in film production during his speech at the Newport Beach Film Festival on Sunday. Cage urged actors to protect their craft from employment-based digital replica (EBDR) technology, which allows studios to manipulate performances post-filming. "This technology wants to take your instrument," Cage said. He explained that EBDR enables studios to alter actors' faces, voices, and body language after shooting, potentially compromising artistic integrity. Cage cited his cameo in "The Flash" as an example of EBDR use. He advised actors to consider their rights when approached with contracts permitting EBDR, coining the phrase "MVMFMBMI: my voice, my face, my body, my imagination."

Baidu CEO Robin Li has proclaimed that hallucinations produced by large language models are no longer a problem, and predicted a massive wipeout of AI startups when the "bubble" bursts. From a report: "The most significant change we're seeing over the past 18 to 20 months is the accuracy of those answers from the large language models," gushed the CEO at last week's Harvard Business Review Future of Business Conference. "I think over the past 18 months, that problem has pretty much been solved -- meaning when you talk to a chatbot, a frontier model-based chatbot, you can basically trust the answer," he added.

Li also described the AI sector as in an "inevitable bubble," similar to the dot-com bubble in the '90s. "Probably one percent of the companies will stand out and become huge and will create a lot of value or will create tremendous value for the people, for the society. And I think we are just going through this kind of process," stated Li. The CEO also guesstimated it will be another 10 to 30 years before human jobs are displaced by the technology. "Companies, organizations, governments and ordinary people all need to prepare for that kind of paradigm shift," he warned.

"Several of Europe's biggest carmakers unveiled low-cost electric vehicles at the Paris Motor Show this week," reports CNBC. The automakers are "seeking to jump-start a demand slump and recapture some of the market share now held by Chinese brands." "It feels like Europe is fighting back," Julia Poliscanova, senior director for vehicles and e-mobility supply chains at the Transport & Environment campaign group, told CNBC at the Paris Motor Show. "There are so many new models on show, and what is really great is that there are a lot of launches that are more affordable. So, Citroen, Peugeot [and] Renault, they are all showing some smaller affordable models," Poliscanova said. "This is exactly what we need for the mass market, for people to buy those vehicles more, and this is also where the competition from the Chinese is also the hardest," she added...

"The storytelling is that people have cooled off on EVs and there is no consumer demand, [but] this is really not true," Transport & Environment's Poliscanova said. "This year in Europe, we did not have affordable models, so people are not buying those overpriced premium vehicles. However, as soon as vehicles come in the right price range next year ... people will flock to buy them." Poliscanova said the launch of several low-cost EVs means electric car sales could account for up to a 24% market share next year, up from 14% this year. Chinese-made EVs typically cost less than half the prices seen in Europe and the U.S. last year, according to figures published by data firm JATO, underscoring the challenge for Western automakers to keep pace with Beijing...

Pere Brugal, president and managing director of GM Europe, said that the challenges facing Europe's auto industry should be seen as a transitional phase — and not evidence of a crisis. "The adoption of new technologies and new behaviors is never a linear growth story, but the end is full-electric [vehicles]," Brugal told CNBC at the Paris Motor Show.
Meanwhile, GM's CEO "says it will start making money on battery-powered models by the end of the year — becoming the only U.S. automaker aside from Tesla to achieve that feat," reports the New York Times (adding that sales are increasing "and the company just introduced a model that sells for less than $30,000 after a federal tax credit.")

And GM "is still committed to doing away with combustion engine cars in the United States by 2035."

"Who asked for any of this in the first place?" wonders a New York Times consumer-tech writer. (Alternate URL here.) "Judging from the feedback I get from readers, lots of people outside the tech industry remain uninterested in AI — and are increasingly frustrated with how difficult it has become to ignore." The companies rely on user activity to train and improve their AI systems, so they are testing this tech inside products we use every day. Typing a question such as "Is Jay-Z left-handed?" in Google will produce an AI-generated summary of the answer on top of the search results. And whenever you use the search tool inside Instagram, you may now be interacting with Meta's chatbot, Meta AI. In addition, when Apple's suite of AI tools, Apple Intelligence, arrives on iPhones and other Apple products through software updates this month, the tech will appear inside the buttons we use to edit text and photos.

The proliferation of AI in consumer technology has significant implications for our data privacy, because companies are interested in stitching together and analyzing our digital activities, including details inside our photos, messages and web searches, to improve AI systems. For users, the tools can simply be an annoyance when they don't work well. "There's a genuine distrust in this stuff, but other than that, it's a design problem," said Thorin Klosowski, a privacy and security analyst at the Electronic Frontier Foundation, a digital rights nonprofit, and a former editor at Wirecutter, the reviews site owned by The New York Times. "It's just ugly and in the way."

It helps to know how to opt out. After I contacted Microsoft, Meta, Apple and Google, they offered steps to turn off their AI tools or data collection, where possible. I'll walk you through the steps.
The article suggests logged-in Google users can toggle settings at myactivity.google.com. (Some browsers also have extensions that force Google's search results to stop inserting an AI summary at the top.) And you can also tell Edge to remove Copilot from its sidebar at edge://settings.

But "There is no way for users to turn off Meta AI, Meta said. Only in regions with stronger data protection laws, including the EU and Britain, can people deny Meta access to their personal information to build and train Meta's AI." On Instagram, for instance, people living in those places can click on "settings," then "about" and "privacy policy," which will lead to opt-out instructions. Everyone else, including users in the United States, can visit the Help Center on Facebook to ask Meta only to delete data used by third parties to develop its AI.
By comparison, when Apple releases new AI services this month, users will have to opt in, according to the article. "If you change your mind and no longer want to use Apple Intelligence, you can go back into the settings and toggle the Apple Intelligence switch off, which makes the tools go away."

Cybersecurity startup Watchtowr "was founded by hacker-turned-entrepreneur Benjamin Harris," according to a recent press release touting their Fortune 500 customers and $29 million investments from venture capital firms. ("If there's a way to compromise your organization, watchTowr will find it," Harris says in the announcement.)

This week they shared their own research on a Fortinet FortiGate SSLVPN appliance vulnerability (discovered in February by Gwendal Guégniaud of the Fortinet Product Security team — presumably in a static analysis for format string vulnerabilities). "It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild... It's a Format String vulnerability [that] quickly leads to Remote Code Execution via one of many well-studied mechanisms, which we won't reproduce here..."

"Tl;dr SSLVPN appliances are still sUpEr sEcurE," their post begains — but the details are interesting. When trying to test an exploit, Watchtowr discovered instead that FortiGate always closed the connection early, thanks to an exploit mitigation in glibc "intended to hinder clean exploitation of exactly this vulnerability class." Watchtowr hoped to "use this to very easily check if a device is patched — we can simply send a %n, and if the connection aborts, the device is vulnerable. If the connection does not abort, then we know the device has been patched... " But then they discovered "Fortinet added some kind of certificate validation logic in the 7.4 series, meaning that we can't even connect to it (let alone send our payload) without being explicitly permitted by a device administrator." We also checked the 7.0 branch, and here we found things even more interesting, as an unpatched instance would allow us to connect with a self-signed certificate, while a patched machine requires a certificate signed by a configured CA. We did some reversing and determined that the certificate must be explicitly configured by the administrator of the device, which limits exploitation of these machines to the managing FortiManager instance (which already has superuser permissions on the device) or the other component of a high-availability pair. It is not sufficient to present a certificate signed by a public CA, for example...

Fortinet's advice here is simply to update, which is always sound advice, but doesn't really communicate the nuance of this vulnerability... Assuming an organisation is unable to apply the supplied workaround, the urgency of upgrade is largely dictated by the willingness of the target to accept a self-signed certificate. Targets that will do so are open to attack by any host that can access them, while those devices that require a certificate signed by a trusted root are rendered unexploitable in all but the narrowest of cases (because the TLS/SSL ecosystem is just so solid, as we recently demonstrated)...

While it's always a good idea to update to the latest version, the life of a sysadmin is filled with cost-to-benefit analysis, juggling the needs of users with their best interests.... [I]t is somewhat troubling when third parties need to reverse patches to uncover such details.
Thanks to Slashdot reader Mirnotoriety for sharing the article.

A post shared Saturday on social media acknowledges those admins and developers at the Internet Archive working "literally round the clock... They have taken no days off this past week. They are taking none this weekend... they are working with all of their energy and considerable talent."

It describes people "working so incredibly hard... putting their all in," with a top priority of "getting the site back secure and safe".

But there's new and continuing problems, reports The Verge's weekend editor: Early this morning, I received an email from "The Internet Archive Team," replying to a message I'd sent on October 9th. Except its author doesn't seem to have been the digital archivists' support team — it was apparently written by the hackers who breached the site earlier this month and who evidently maintain some level of access to its systems.

I'm not alone. Users on the Internet Archive subreddit are reporting getting the replies, as well. Here is the message I received:

It's dispiriting to see that even after being made aware of the breach 2 weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets.

As demonstrated by this message, this includes a Zendesk token with perms to access 800K+ support tickets sent to info@archive.org since 2018.

Whether you were trying to ask a general question, or requesting the removal of your site from the Wayback Machine — your data is now in the hands of some random guy. If not me, it'd be someone else.
The site BleepingComputer believes they know the larger context, starting with the fact that they've also "received numerous messages from people who received replies to their old Internet Archive removal requests... The email headers in these emails also pass all DKIM, DMARC, and SPF authentication checks, proving they were sent by an authorized Zendesk server."

BleepingComputer also writes that they'd "repeatedly tried to warn the Internet Archive that their source code was stolen through a GitLab authentication token that was exposed online for almost two years."

And that "the threat actor behind the actual data breach, who contacted BleepingComputer through an intermediary to claim credit for the attack," has been frustrated by misreporting. (Specifically, they insist there were two separate attacks last week — a DDoS attack and a separate data breach for a 6.4-gigabyte database which includes email addresses for the site's 33 million users.) The threat actor told BleepingComputer that the initial breach of Internet Archive started with them finding an exposed GitLab configuration file on one of the organization's development servers, services-hls.dev.archive.org. BleepingComputer was able to confirm that this token has been exposed since at least December 2022, with it rotating multiple times since then. The threat actor says this GitLab configuration file contained an authentication token allowing them to download the Internet Archive source code. The hacker say that this source code contained additional credentials and authentication tokens, including the credentials to Internet Archive's database management system. This allowed the threat actor to download the organization's user database, further source code, and modify the site.

The threat actor claimed to have stolen 7TB of data from the Internet Archive but would not share any samples as proof. However, now we know that the stolen data also included the API access tokens for Internet Archive's Zendesk support system. BleepingComputer attempted contact the Internet Archive numerous times, as recently as on Friday, offering to share what we knew about how the breach occurred and why it was done, but we never received a response.
"The Internet Archive was not breached for political or monetary reasons," they conclude, "but simply because the threat actor could...

"While no one has publicly claimed this breach, BleepingComputer was told it was done while the threat actor was in a group chat with others, with many receiving some of the stolen data. This database is now likely being traded amongst other people in the data breach community, and we will likely see it leaked for free in the future on hacking forums like Breached."

A California oil refinery that produces 8% of the state's gasoline is shutting down late next year — a decision the Los Angeles Times says is "driven by climate change, the transition to electric vehicles and demands for cleaner air."

"There's no question we are going to lose refineries over time, because demand is going to go down as we transition to electric vehicles, but I did not expect to see any of them exiting this quickly," said Severin Borenstein, faculty director of the Energy Institute at UC Berkeley's Haas School of Business. California "over the medium term" will have to rely more on imports, he said. "I think part of the response the state's going to need to consider is how to make sure that we can import sufficient gasoline to meet our needs...."

David Hackett, chairman of Stillwater Associates, an Irvine oil consultancy, said he was contacted by Phillips just before the announcement, and was told the closure was a business decision. He said that although the timing was somewhat surprising, the closure wasn't, given the age of the refineries, their relatively small size and the inefficient layout that connects them by a pipeline. "That plant has been for sale for years. It hasn't found any buyers and I think that this has been an economic decision on their part. They looked at the profitability of the place and compared it with the other businesses that they have, and it didn't make the cut," he said.
"The closure is likely to increase California's already high prices at the gas pump, given that much of the replacement gasoline will be shipped in by ocean vessel, analysts say..." according to another article from the Los Angeles Times.

"Environmentalists and community activists cheered the news, however, saying it will mean cleaner air for the thousands who live in the area and that the state must continue the transition away from its dependence on fossil fuels."

An anonymous readed shared this report from CNN: [U.S. army boats] are poorly maintained and largely unprepared to meet the military's growing mission in the Pacific, a new government oversight report said this week. The Government Accountability Office released a report on Wednesday that concluded there are "wide-ranging" issues facing Army watercraft, which limit the Army's ability "to meet mission requirements in the Indo-Pacific theater where the need for Army watercraft is most pronounced."

Despite Army policy requiring the vessels to be at least at a 90% mission capable rate — meaning the vessels are ready to perform their mission — the boats currently have a less than 40% capable rate this year. Overall, the fleet of watercraft has dropped by nearly half since 2018, going from 134 vessels to 70 as of May this year, in part due to divestment of vessels in 2018 and 2019... "Army boats have not been ready, capable, or in a mindset they'll have to do something dangerous or in the real world ... for decades now," a retired warrant officer and former chief engineer on Army watercraft told CNN at the time...

[Army spokeswoman Cynthia Smith] said that the Army is "actively" working to address gaps in the watercraft's capability as a whole, and prioritizing improving the current fleet while also "investing in a modernized fleet to meet the needs of the 2040 force." Col. Dave Butler, a spokesman for Army Chief of Staff Gen. Randy George, told CNN that the Army is also looking at possibly replacing the existing fleet of Army watercraft with autonomous vessels in the future. "What we see is the oil industry and other shipping industries are doing this already, we see that happening all around the world," Butler said. "There's no reason the Army shouldn't be thinking that way ... leaders from down at ship level all the way to the Pentagon are looking at this and determining the best way to deploy our forces...

"Maybe the future fleet is all autonomous, we just don't know," he said. "This is all stuff we're looking at in terms of trying to modernize the way we move people, weapons, and equipment."
CNN notes that the report "also said the Army is considering leasing civilian watercraft to bolster its existing fleet and moving all of its watercraft to the Pacific."

The report also included a response from Army Secretary Wormuth, who said the Army is "actively pursuing a holistic approach to mitigate the gaps in Army watercraft capability and capacity."

"The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening..." writes Linux Magazine.

From an October 7th announcement by The Gnome Foundation: Our plan for the previous financial year was to operate a break-even budget. We raised less than expected last year, due to a very challenging fundraising environment for nonprofits, on top of internal changes such as the departure of our previous Executive Director, Holly Million. The Foundation has a reserves policy which requires us to keep a certain amount of money in the bank account, to preserve core operations in the event of interruptions to our income. In order to meet our reserves policy, this year's budget had to reduce our expenditure to below expected income, and generate a small surplus to reinstate the Foundation's financial reserves to the necessary level...

We're asking for your support in several ways:

- Look out for opportunities to volunteer your time and skills in areas where we've had to reduce staff involvement.

- Share ideas on how to organize and improve our activities in this new context.

- Consider making donations to support the GNOME Foundation's core priorities, if you're able...

Through these difficult decisions, the GNOME Foundation is able to meet its reserves policy, ensuring sufficient funds for the coming year. Our budget for the new financial year is realistic and supports four full time staff, who are able to support key operations like finance, infrastructure and events. We are additionally contracting a number of other individuals on a short term or part time basis, to help with fund raising, websites and delivering on our project commitments.

We are going to be looking to the GNOME community to help with the areas that are most affected by our reduced staffing. If you would like to help GNOME with its events, marketing, or fundraising, we would love to hear from you.
In their new budget, "expenses have been greatly reduced," according to an October 10 update: We are also very relieved to be able to provide a surplus budget for the first time in many years, and doing so while still being able to support the community: events, infrastructure, internships, travel funding, and meeting our commitment to donors for work done in some parts of the stack, e.g.: Flathub, parental controls and GNOME Software.

"The Wayback Machine, Archive-It, scanning, and national library crawls have resumed," announced the Internet Archive Thursday, "as well as email, blog, helpdesk, and social media communications. Our team is working around the clock across time zones to bring other services back online."

Founder Brewster Kahle told The Washington Post it's the first time in its almost 30-year history that it's been down more than a few hours. But their article says the Archive is "fighting back." Kahle and his team see the mission of the Internet Archive as a noble one — to build a "library of everything" and ensure records are kept in an online environment where websites change and disappear by the day. "We're all dreamers," said Chris Freeland, the Internet Archive's director of library services. "We believe in the mission of the Internet Archive, and we believe in the promise of the internet." But the site has, at times, courted controversy. The Internet Archive faces lawsuits from book publishers and music labels brought in 2020 and 2023 for digitizing copyrighted books and music, which the organization has argued should be permissible for noncommercial, archival purposes. Kahle said the hundreds of millions of dollars in penalties from the lawsuits could sink the Internet Archive.

Those lawsuits are ongoing. Now, the Internet Archive has also had to turn its attention to fending off cyberattacks. In May, the Internet Archive was hit with a distributed denial-of-service (DDoS) attack, a fairly common type of internet warfare that involves flooding a target site with fake traffic. The archive experienced intermittent outages as a result. Kahle said it was the first time the site had been targeted in its history... [After another attack October 9th], Kahle and his team have spent the week since racing to identify and fix the vulnerabilities that left the Internet Archive open to attack. The organization has "industry standard" security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he'd opted not to prioritize additional investments in cybersecurity out of the Internet Archive's limited budget of around $20 million to $30 million a year...

[N]o one has reliably claimed the defacement and data breach that forced the Internet Archive to sequester itself, said [cybersecurity researcher] Scott Helmef. He added that the hackers' decision to alert the Internet Archive of their intrusion and send the stolen data to Have I Been Pwned, the monitoring service, could imply they didn't have further intentions with it.... Helme said the episode demonstrates the vulnerability of nonprofit services like the Internet Archive — and of the larger ecosystem of information online that depends on them. "Perhaps they'll find some more funding now that all of these headlines have happened," Helme said. "And people suddenly realize how bad it would be if they were gone."
"Our priority is ensuring the Internet Archive comes online stronger and more secure," the archive said in Thursday's statement. And they noted other recent-past instances of other libraries also being attacked online: As a library community, we are seeing other cyber attacks — for instance the British Library, Seattle Public Library, Toronto Public Library, and now Calgary Public Library. We hope these attacks are not indicative of a trend."

For the latest updates, please check this blog and our official social media accounts: X/Twitter, Bluesky and Mastodon.

Thank you for your patience and ongoing support.

The world's biggest trade publisher has changed the wording on its copyright pages to help protect authors' intellectual property from being used to train large language models and other artificial intelligence tools, The Bookseller has reported. From the report: Penguin Random House has amended its copyright wording across all imprints globally, confirming it will appear "in imprint pages across our markets." The new wording states: "No part of this book may be used or reproduced in any manner for the purpose of training artificial intelligence technologies or systems," and will be included in all new titles and any backlist titles that are reprinted.

The statement also "expressly reserves [the titles] from the text and data mining exception," in accordance with a European Parliament directive. The move specifically to ban the use of its titles by AI firms for the development of chatbots and other digital tools comes amid a slew of copyright infringement cases in the US and reports that large tranches of pirated books have already been used by tech companies to train AI tools. In 2024, several academic publishers including Taylor & Francis, Wiley and Sage have announced partnerships to license content to AI firms.

An anonymous reader shares a report: Every year for the past seven, Nathan Benaich, the founder and solo general partner at the early-stage AI investment firm Air Street Capital, has produced a magisterial "State of AI" report. Benaich and his collaborators marshal an impressive array of data to provide a great snapshot of the technology's evolving capabilities, the landscape of companies developing it, a survey of how AI is being deployed, and a critical examination of the challenges still facing the field.

One of the big takeaways from this year's report, which was published late last week, is that OpenAI's lead over other AI labs has largely eroded. Anthropic's Claude 3.5 Sonnet, Google's Gemini 1.5, X's Grok 2, and even Meta's open-source Llama 3.1 405 B model have equaled, or narrowly surpassed on some benchmarks, OpenAI's GPT-4o.ââBut, on the other hand, OpenAI still retains an edge for the moment on reasoning tasks with the release of its o1 "Strawberry" model -- which Air Street's report rightly characterized as a weird mix of incredibly strong logical abilities for some tasks, and surprisingly weak ones for others.

Another big takeaway, Benaich told me, is the extent to which the cost of using a trained AI model -- an activity known as "inference" -- is falling rapidly. There are several reasons for this. One is linked to that first big takeaway: With models less differentiated from one another on capabilities and performance, companies are forced to compete on price.ââAnother reason is that engineers for companies such as OpenAI and Anthropic -- and their hyperscaler partners Microsoft and AWS, respectively -- are discovering ways to optimize how the largest models run on big GPU clusters. The cost of outputs from OpenAI's GPT-4o today is 100-times less per token (which is about equivalent to 1.5 words) than it was for GPT-4 when that model debuted in March 2023. Google's Gemini 1.5 Pro now costs 76% less per output token than it did when that model was launched in February 2024.â