At Google I/O in May, the company revealed its plans to go all-in on AI with the likes of PaLM 2, Bard, and a whole host of intelligent enhancement features for its myriad products. Tucked into that cavalcade of consumerism was a brief discussion of Google's Project Tailwind, an experimental product geared towards students as an "AI-first notebook" to help them stay organized. On Wednesday, Project Tailwind graduated development to become NotebookLM (NLM).

NLM is essentially note taking software with a large language model tacked onto the side, which is "paired with your existing content to gain critical insights, faster." Basically, it's a chatbot that is continually tuned to your specific data set, so when you ask it a question it pulls from just that information rather than the collective knowledge of whatever the underlying model was built with. This process of "source-grounding" ensures that the virtual assistant stays on topic and provides more relevant responses.

That virtual assistant can do all of the normal chatbot tasks including summarizing newly added documents, deeply answering questions about the text corpus, and generating new content from that information. NLM is being made immediately available to a small cadre of beta testers in the US to provide feedback for further development, though there's no word yet on when it will be made available to the general public. If you want to try it early for yourself, sign up on the waitlist.

Just five months after Anthropic debuted its open-source ChatGPT rival, Claude, the company is back with an updated version that promises longer answers, more detailed reasonings, fewer hallucinations and generally better performance. It also now scores in the 90th percentile of graduate school applicants on the GRE reading and writing exams.

The updated version, Claude 2, is available today for users in the US and the UK. It can now handle as many as 100,000 tokens — that's around 75,000 words, or a few hundred pages of documents users can have Claude digest and analyze — up significantly from the previous version’s 9,000 token limit. In AI, tokens are the bits and pieces that your input prompt gets broken down into so that the model can more readily process them — hence Claude's ability to "digest" user data.

This increased capacity will also translate into longer, more nuanced responses. Claude 2 will even be able to generate short stories “up to a few thousand tokens,” the company announced. Its coding capabilities have also improved, rising to a score of 71.2 percent on the Codex HumanEval benchmark, up from 56 percent.

The Claude “Constitutional AI” system is already guided by 10 secret “foundational” principals of fairness and autonomy. Extensive red-team testing since the release of the first version has tempered Claude 2 into a more emotionally stable and harder to fool AI. Compared to its predecessor Claude 2 is reportedly, “2x better at giving harmless responses compared to Claude 1.3,” the company’s announcement claimed. If you’re already subscribed to the Claude 1.3 API, great news, you’ll be automatically rolled over to Claude 2 at no extra charge.

It didn’t take long for the downsides of a generative AI-empowered newsroom to make themselves obvious, between CNet’s secret chatbot reviews editor last November and Buzzfeed’s subsequent mass layoffs of human staff in favor of AI-generated “content” creators. The specter of being replaced by a “good enough AI” looms large in many a journalist’s mind these days with as many as a third of the nation’s newsrooms expected to shutter by the middle of the decade.

But AI doesn’t have to necessarily be an existential threat to the field. As six research teams showed at NYU Media Lab’s AI & Local News Initiative demo day in late June, the technology may also be the key to foundationally transforming the way local news is gathered and produced.

Now in its second year, the initiative is tasked with helping local news organizations to “harness the power of artificial intelligence to drive success.” It’s backed as part of a larger $3 million grant from the Knight Foundation which is funding four such programs in total in partnership with the Associated Press, Brown Institute’s Local News Lab, NYC Media Lab and the Partnership on AI.

This year’s cohort included a mix of teams from academia and private industry, coming together over the course of the 12-week development course to build “AI applications for local news to empower journalists, support the sustainability of news organizations and provide quality information for local news audiences,” NYU Tandon’s news service reported.

“There's value in being able to bring together people who are working on these problems from a lot of different angles,” Matt Macvey, Community and Project Lead for the initiative, told Engadget, “and that that's what we've tried to facilitate.”

“It also creates an opportunity because … if these news organizations that are out there doing good work are able to keep communicating their value and maintain trust with their readers,” he continued. “I think we could get an information ecosystem where a trusted news source becomes even more valued when it becomes easier [for anyone] to make low-quality [AI generated] content.”

The six teams include Bangla AI, which is developing a web platform that surfaces and translates relevant news stories into the Bengali language for journalists and New York City’s sizable Bangladeshi immigrant community.

“More than 200,000 legal Bangladeshi immigrants live in the United States, half of them in New York City,” Bangla team member, MD Ashraful Goni, told reporters during the demo day. “Only half of the population are fluent in English,” depriving the other half of easy access to the day’s news through mainstream media outlets like the New York Times or the Associated Press.

“Bangla AI will search for information relevant to the people of the Bengali community that has been published in mainstream media … then it will translate for them. So when journalists use Bangla AI, they will see the information in Bengali rather than in English.” The system will also generate summaries of mainstream media posts both in English and Bengali, freeing up local journalists to cover more important news than rewriting wire copy.

Similarly, the team from Chequeado, a non-profit organization fighting disinformation in the public discourse showed off the latest developments of its Chequeabot platform, Monitorio. It leverages AI and natural language processing capabilities to streamline fact-checking efforts in Spanish-language media. Its dashboard continually monitors social media in search of trending misinformation and alerts fact checkers so they can blunt the piece’s virality.

“One of the greatest promises of things like this and Bangla AI,” Chequeado team member Marcos Barroso said during the demo, “is the ability for this kind of technology to go to an under-resourced newsroom and improve their capacity, and allow them to be more efficient.”

The Newsroom AI team from Cornell University hope that their writing assistant platform will help do for journalists what Copilot did for coders – eliminate drudge work. Newsroom can automate a number of common tasks including transcription and information organization, image and headline generation, and SEO implementation. The system will reportedly even write articles in a journalist’s personal style if fed enough training examples.

On the audio side, New York public radio WNYC’s team spent its time developing and prototyping a speech-to-text model that will generate real-time captioning and transcription for its live broadcasts. WNYC is the largest public media station in New York, reaching 2 million visitors monthly through its news website.

“Our live broadcast doesn't have a meaningful entry point right now for deaf or hard of hearing audiences,” WNYC team member, Sam Guzik, said during the demo. “So, we really want to think about as we're looking to the future is, ‘how can we make our audio more accessible to those folks who can't hear?’”

Utilizing AI to perform the speech-to-text transformation alleviates one of the biggest sticking points of modern closed-captioning: that it’s expensive and resource-intensive to turn around quickly when you have humans do it. “Speech-to-text models are relatively low cost,” Guzik continued. “They can operate at scale and they support an API driven architecture that would tie into our experiences.”

The result is a proof-of-concept audio player for the WNYC website that generates accurate closed captioning of whatever clip is currently being played. The system can go a step further by summarizing the contents of that clip in a few bullet points, simply by clicking a button on the audio player.

“This is a meaningful improvement, both for folks who can't hear,” Guznik said. “But also for folks who are just not in the space where they can listen, and this is a really great tool if you're in a place where you don't have headphones and you want to follow along with what’s being said.“

On the back end, NOBL Media has developed an ad tech product that, “allows programmatic advertisers to reach publishers' content in service of smaller audiences that can be targeted by geography or demography,” while the Graham Media Group created an automated natural language text prompter to nudge the comments sections of local news articles closer towards civility.

“The comment-bot posts the first comment on stories to guide conversations and hopefully grow participation and drive users deeper into our engagement funnels,” GMG team member Dustin Block said during the demo. This solves two significant challenges that human comment moderation faces: preventing the loudest voices from dominating the discussion and providing form and structure to the conversation, he explained.

”The bot scans and understands news articles using the GPT 3.5 Turbo API. It generates thought-provoking starters and then it encourages discussions,” he continued. “It's crafted to be friendly.”

Whether the AI revolution remains friendly to the journalists it’s presumably augmenting remains to be seen, though Macvey isn’t worried. “Most news organizations, especially local news organizations, are so tight on resources and staff that there's more happening out there than they can cover,” he said. “So I think tools like AI and [the automations seen during the demo day] enable the journalists and editorial staff more bandwidth.”

When it comes to online merchandizing, nobody is bigger than Amazon. The same can be said for Walmart's utter domination of physical retail. But for a brief time in 2016, the two behemoths sought to get all up in each other's lanes. The resulting multi-year fracas would shake the world of commerce to its foundations with every above-board strategy and under-handed trick made available to crush the competition. In Winner Sells All, journalist Jason Del Rey recounts the business battles both between and within these titans of industry as both corporations sought to further entrench their market positions. In the excerpt below, we see some of said underhanded tricks.

Harper Collins

Excerpted from Winner Sells All: Amazon, Walmart and the Battle for Our Wallets by Jason Del Rey . Published by Harper Business. Copyright © 2023 by Jason Del Rey. All rights reserved.

In the late 2010s, the power and valuations that Amazon and other titans of the technology industry were accumulating incited a new movement in antitrust circles, catalyzed by a law school paper written by a then-unknown law student named Lina Khan. In her seminal paper, “Amazon’s Antitrust Paradox,” published in the Yale Law Journal, Khan argued that our interpretation of antitrust laws was outdated in light of a new digital economy, and there was a need to return to the days when merely having low prices or providing free services wasn’t enough to avoid scrutiny for anticompetitive behavior. 

“Amazon doesn’t just want to dominate markets; it wants to own the infrastructure that underpins those markets,” said Stacy Mitchell, the longtime critic of both Amazon and Walmart who runs a left-leaning think tank called the Institute for Local Self-Reliance (ILSR). “And that’s an order of magnitude difference of a monopoly ambition than Walmart’s.” Mitchell had spent many years agitating for the government to step in to slow down Walmart during its go-go Supercenter growth years and she is still clear today that she finds the company’s power problematic. 

But in her view, and that of many Big Tech critics in her circles, Amazon poses an altogether different threat to business competition. “It’s not just the retail platform, but it’s AWS [Amazon Web Services], it’s the logistics piece, it’s [Alexa] and being the interface for how we interact with the web, and all the devices and everything that are connected to the smart home,” she said. “It enables Amazon to favor its own goods and services in those markets, to levy a kind of tax on all the businesses that rely on that infrastructure, and to surveil all of that activity and use that intelligence to its own advantage.”

As the pressure from Washington, DC, increased, Amazon leaders were becoming heated. In one key annual meeting of Bezos’s senior leaders in early 2020, Jassy, the then-CEO of AWS, digested the content of a memo sitting in front of him. It laid out Amazon’s plans for messaging in response to accusations that it was too big or too powerful and engaged in anticompetitive behavior. As Bezos listened in by phone, Jassy pointedly asked those before him why the messaging didn’t argue that Walmart, and AWS rival Microsoft, should be investigated. Other top company officials tried to explain that each of those companies had already been scrutinized years ago and their time had passed. But Jassy’s reaction left a lasting impression on those in attendance.

“It was very clear from his comments that we shouldn’t let our foot off the gas,” someone in attendance told me years later. In subsequent years, especially in the part of the company that focused on so-called competition issues, “there wasn’t a day that Walmart didn’t come up.” The fact that Walmart, with more annual revenue than Amazon, was not being scrutinized by policy makers drove executives like Jassy crazy. It didn’t help when Amazon executives discovered that Walmart was indirectly funding a nonprofit front group called Free and Fair Markets, which was bombarding reporters and social media with anti-Amazon accusations. For some time, Amazon leaders suspected that a competitor, or group of competitors, was funding the operation but couldn’t prove it. One of Amazon’s longtime spokesmen, Drew Herdener, grew frustrated every time the group placed an op-ed or social media message that got traction.

“How does the press not know this is a front group?” he would lament. As a result, an Amazon communications staffer named Doug Stone spent upward of a year trying to help reporters uncover the group’s funders. Finally, in the fall of 2019, the Wall Street Journal pulled back the veil in an expose titled “A ‘Grass Roots’ Campaign to Take Down Amazon Is Funded by Amazon’s Biggest Rivals.” A Walmart spokesperson denied funding the group to the newspaper—the article had stated that Walmart used an intermediary to pass along funds to FFM, so the company’s defense might have been a matter of semantics— but said that Walmart “share[s] concerns about issues” that the group was publicizing.

Nobody said dragging one of the largest government bureaucracies to ever exist into the digital era was going to be easy but the sheer scale and myriad variety of failings we have seen in recent decades have had very real, and near universally negative, consequences for the Americans reliant on these social systems. One need look no further than at how SNAP — the federal Supplemental Nutrition Assistance Program — has repeatedly fallen short in its mission to help feed low-income Americans. Jennifer Pahlka, founder and former executive director of Code for America, takes an unflinching view at the many missteps and groupthink slip-ups committed by our government in the pursuit of bureaucratic efficiency in Recoding America: Why Government Is Failing in the Digital Age and How We Can Do Better.

Metropolitan Books

Excerpted from Recoding America: Why Government Is Failing in the Digital Age and How We Can Do Better by Jennifer Pahlka. Published by Metropolitan Books, Henry Holt and Company. Copyright © 2023 by Jennifer Pahlka. All rights reserved.

Stuck in Peanut Butter

The lawmakers who voted to cut the federal workforce in the 1990s, just as digital technology was starting to truly reshape our lives, wanted smaller government. But starving government of know-how, digital or otherwise, hasn’t made it shrink. It has ballooned it. Sure, there are fewer public servants, but we spend billions of dollars on satellite software that never goes to space, we pay vendors hundreds of thousands of dollars for basic web forms that don’t work, and we make applying for government services feel like the Inquisition. That’s the funny thing about small government: the things we do to get it — to limit government’s intrusion into our lives — have a habit of accomplishing the opposite.

Take, for example, an application for food stamps that requires answering 212 separate questions. That’s what Jake Solomon at Code for America discovered when he tried to find out why so few Californians in need enrolled in the state’s Supplemental Nutrition Assistance Program, or SNAP. Many of the questions were confusing, while others were oddly specific and seemed to assume the person applying was a criminal. “Have you or any member of your household ever been found guilty of trading SNAP benefits for drugs after September 22, 1996? Have you or any member of your household ever been found guilty of trading SNAP benefits for guns, ammunition, or explosives after September 22, 1996?” It would often take up to an hour for people to fill out the entire form. They couldn’t apply on a mobile phone; the application form, called MyBenefits CalWIN, didn’t work on mobile. Lots of the people Jake observed tried to complete the form on computers at the public library instead, but the library computers kicked you off after half an hour. You had to wait for your turn to come again and pick up where you left off.

SNAP is a federal program that states are responsible for administering. The smaller the jurisdiction in charge, the more likely that the program will be attuned to local needs and values. California, along with nine other states, has chosen to further devolve administration to its individual counties, putting the burden of managing client data on fifty-eight separate entities. To handle that burden, the counties (with the exception of Los Angeles) formed two consortia that pooled IT resources. When it became clear that clients should be able to apply online, each consortium then contracted for a single online application form to save money. It turned out to be quite expensive anyway: MyBenefits CalWIN, the form Jake studied, cost several million dollars to build. But at least that got divided across the eighteen counties in the consortium.

What those several million dollars had gotten them was another question. Jake and his Code for America colleagues published a “teardown” of the website, over a hundred screenshots of it in action, with each page marked up to highlight the parts that confused and frustrated the people trying to use it. (To be fair, the teardown also highlighted elements that were helpful to users; there were just far fewer of them.) The teardown was a powerful critique. It was noticed by anti-poverty advocates and the press alike, and the ways in which the counties were failing their clients started to get a lot of attention. Jake should not have been popular with the people responsible for MyBenefits CalWIN. Which was why he was surprised when HP, the vendor managing the website, invited him to a meeting of the consortium to present his work.

The meeting brought representatives from each of the counties to a business hotel in downtown Sacramento. It was only after Jake finished showing them his observations that he realized why he’d been invited. The HP representative at the meeting presented a variety of options for how the consortium might use its resources over the coming year, and then the county representatives began engaging in that hallmark of democracy: voting. One of the questions up for a vote was whether to engage some of HP’s contracted time to make MyBenefits CalWIN usable on a mobile phone. Fresh off Jake’s critique, that priority got the votes it needed to proceed. Jake had done the job he’d been invited to do without even knowing what it was.

What struck Jake about the process was not his success in convincing the county representatives. It was not that different from what Mary Ann had achieved when her recording of Dominic convinced the deputy secretary of the VA to let her team fix the health care application. The HP rep was interested in bringing to life for the county reps the burdens that applicants experienced. Jake was very good at doing that, and the rep had been smart to use him.

What Jake did find remarkable was the decision-making process. To him, it was clear how to decide the kinds of questions the group discussed that day. SNAP applicants were by definition low-income, and most low-income people use the web through their phones. So at Code for America, when Jake developed applications for safety-net benefits, he built them to work on mobile phones from the start. And when he and his team were trying to figure out the best way to phrase something, they came up with a few options that sounded simple and clear, and tested these options with program applicants. If lots of people stopped at some point when they filled out the form, it was a sign that that version of the instructions was confusing them. If some wording resulted in more applications being denied because the applicant misunderstood the question, that was another sign. Almost every design choice was, in effect, made by the users.

The counties, on the other hand, made those same choices by committee. Because each of the eighteen counties administers the SNAP program separately, the focus was on accommodating the unique business processes of each separate county and the many local welfare offices within the counties. It wasn’t that the county reps didn’t care about the experience of their users—their vote to start making MyBenefits CalWIN work on mobile phones was proof of that. But the process the consortium followed was not constructed to identify and address the needs of users. It had been set up to adjudicate between the needs of the counties. The result had been, for years, an experience for clients that was practically intolerable.

Ever since the founding of the United States, a core value for many has been restricting the concentration of government power. The colonists were, after all, rebelling against a monarchy. When power is concentrated in the hands of one person or one regime, the reasoning goes, we lose our liberty. We need to have some government, so we’ll have to trust some people to make some decisions, but best to make it hard for any one person to do anything significant, lest that person begin to act like a king. Best to make sure that any decisions require lots of different people to weigh in.

But as Jake saw, the way you get 212 questions on a form for food assistance is not concentrated power, it’s diffuse power. And diffuse power is not just an artifact of the complexities federalism can bring, with decisions delegated down to local government and then aggregated back up through mechanisms like the county consortia. The fear of having exercised too much power, and being criticized for it, is ever present for many public servants. The result is a compulsion to consult every imaginable stakeholder, except the ones who matter most: the people who will use the service.

A tech leader who made the transition from a consumer internet company to public service recently called me in frustration. He’d been trying to clarify roles on a new government project and had explained to multiple departments how important it would be to have a product manager, someone empowered to direct and absorb user research, understand both external and internal needs, and integrate all of it. The departments had all enthusiastically agreed. But when it came time to choose that person, each department presented my friend with a different name, sometimes several. There were more than a dozen in all.

He thought perhaps he was supposed to choose the product manager from among these names. But the department representatives explained that all these people would need to share the role of product manager, since each department had some stake in the product. Decisions about the product would be made by what was essentially a committee, something like the federal CIO Council that resulted in the ESB imperative. Members would be able to insist on what they believed their different departments needed, and no one would have the power to say no to anyone. Even without the complications of federalism, the project would still be doomed to exactly the kind of bloat that MyBenefits CalWIN suffered from.

This kind of cultural tendency toward power sharing makes sense. It is akin to saying this project will have no king, no arbitrary authority who might act imperiously. But the result is bloat, and using a bloated service feels intrusive and onerous. It’s easy to start seeing government as overreaching if every interaction goes into needless detail and demands countless hours.

Highly diffuse decision-making frameworks can make it very hard to build good digital services for the public. But they are rooted in laws that go back to long before the digital era.

As anyone who regularly games online can attest, DDoS (dedicated denial of service) attacks are an irritatingly common occurrence on the internet. Drawing on the combined digital might of a geographically diffuse legion of zombified PCs, hackers are able to swamp game servers and prevent players from logging on for hours or days at a time. The problem has metastasized in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, allowing any Tom, Dick, and Script-kiddie rental access to the same power. 

It's a big internet out there, and bad actors are plentiful. There are worse things than spammers and scammers swimming in the depths of the Dark Web. In his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks, Dr. Scott J Shapiro, Professor of Law and Philosophy at Yale Law School traces the internet's illicit history through five of the biggest attacks on digital infrastructure ever recorded.

Farrar Straus Giraux

FANCY BEAR GOES PHISHING: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro. Published by Farrar, Straus and Giroux. Copyright © 2023 by Scott J. Shapiro. All rights reserved. 

Crime as a Service

Not all Denial of Service attacks use botnets. In 2013, the Syrian Electronic Army (SEA)—the online propaganda arm of the brutal Bashar al-Assad regime—hacked into Melbourne IT, the registrar that sold the nytimes.com domain name to The New York Times. The SEA altered the DNS records so that nytimes.com pointed to SEA’s website instead. Because Melbourne IT contained the authoritative records for the Times’ website, the unauthorized changes quickly propagated around the world. When users typed in the normal New York Times domain name, they ended up at a murderous organization’s website.

Conversely, not all botnets launch Denial of Service attacks. Botnets are, after all, a collection of many hacked devices governed by the attacker remotely, and those bots can be used for many purposes. Originally, botnets were used for spam. The Viagra and Nigerian Prince emails that used to clutter inboxes were sent from thousands of geographically distributed zombie computers. In these cases, the attacker reaches out to their army of bots, commanding them to send tens of thousands of emails a day. In 2012, for example, the Russian Grum botnet sent over 18 billion spam emails a day from 120,000 infected computers, netting its botmaster $2.7 million over three years. Botnets are excellent spam infrastructure because it’s hard to defend against them. Networks usually use “block lists”: lists of addresses that they will not let in. To block a botnet, however, one would have to add the addresses of thousands of geographically disbursed servers to the list. That takes time and money.

Because the malware we have seen up till now — worms, viruses, vorms, and wiruses.— could not work together, it was not useful for financially motivated crime. Botnet malware, on the other hand, is because the botnets it creates are controllable. Botmasters are capable of issuing orders to each bot, enabling them to collaborate. Indeed, botnet malware is the Swiss Army knife of cybercrime because botmasters can tell bots in their thrall to implant malware on vulnerable machines, send phishing emails, or engage in click fraud allowing botnets to profit from directing bots to click pay-per-click ads. Click fraud is especially lucrative, as Paras Jha would later discover. In 2018, the ZeroAccess botnet could earn $100,000 a day in click fraud. It commanded a million infected PCs spanning 198 countries, including the island nation of Kiribati and the Himalayan Kingdom of Bhutan. 

Botnets are great DDoS weapons because they can be trained on a target. One day in February 2000, the hacker MafiaBoy knocked out Fifa.com, Amazon.com, Dell, E*TRADE, eBay, CNN, as well as Yahoo!, then the largest search engine on the internet. He overpowered these web servers by commandeering computers in forty-eight different universities and joining them together into a primitive botnet. When each sent requests to the same IP address at the same time, the collective weight of the requests crashed the website. 

After taking so many major websites off-line, MafiaBoy was deemed a national security threat. President Clinton ordered a countrywide manhunt to find him. In April 2000, MafiaBoy was arrested and charged, and in January 2001 he pled guilty to fifty-eight charges of Denial of Service attacks. Law enforcement did not reveal MafiaBoy’s real name, as this national security threat was only fifteen years old. MafiaBoy later revealed himself to be Michael Calce. “You know I’m a pretty calm, collected, cool person,” Calce reported. “But when you have the president of the United States and attorney general basically calling you out and saying, ‘We’re going to find you’ . . . at that point I was a little bit worried.” Calce now works in the cybersecurity industry as a white hat — a good hacker, as opposed to a black hat, after serving five months in juvenile detention. 

Both MafiaBoy and the VDoS crew were adolescent boys who crashed servers. But whereas MafiaBoy did it for the lulz, VDoS did it for the money. Indeed, these teenage Israeli kids were pioneering tech entrepreneurs. They helped launch a new form of cybercrime: DDoS as a service. DDoS as a service is a subscription-based model that gives subscribers access to a botnet to launch either a daily quota or unlimited attacks, depending on the price. DDoS providers are known as booter services or stressor services. They come with user-friendly websites that enable customers to choose the type of account, pay for subscriptions, check status of service, launch attacks, and receive tech support. 

VDoS advertised their booter service on Hack Forums, the same site on which, according to Coelho, Paras Jha spent hours. On their website, www.vdos-s.com, VDoS offered the following subscription services: Bronze ($19.99/month), Silver ($29.99/month), Gold ($39.99/month), and VIP ($199.99/month) accounts. The higher the price, the more attack time and volume. At its peak in 2015, VDoS had 1,781 subscribers. The gang had a customer service department and, for a time, accepted PayPal. From 2014 to 2016, VDoS earned $597,862, and it launched 915,287 DDoS attacks in one year. 

VDoS democratized DDoS. Even the most inexperienced user could subscribe to one of these accounts, type in a domain name, and attack its website. “The problem is that this kind of firepower is available to literally anyone willing to pay thirty dollars a month,” Allison Nixon, director of security research at business-risk-intelligence firm Flashpoint, explained. “Basically what this means is that you must have DDoS protection to participate on the internet. Otherwise, any angry young teenager is going to be able to take you off-line in a heartbeat.” Even booter services need DDoS protection. VDoS hired Cloudflare, one of the largest DDoS mitigation companies in the world. 

DDoS as a service was following a trend in cybercrime known as “malware as a service.” Where users had once bought information about software vulnerabilities and tried to figure out how to exploit those vulnerabilities themselves, or had bought malicious software and tried to figure out how to install and execute it, they could now simply pay for the use of malware and hack with the click of a button, no technical knowledge required.

Because customers who use DDoS as a service are inexperienced, they are particularly vulnerable to scams. Fraudsters often advertise booter services on public discussion boards and accept orders and payment, but do not launch the promised attacks. Even VDoS, which did provide DDoS service, did so less aggressively than advertised. When tested by Flashpoint, VDoS botnet never hit the promised fifty gigabits/second maximum, ranging instead from six to fourteen gigabits/second.

The boards that advertise booter services, as Hack Forums once did, are accessible to anyone with a standard browser and internet connection. They exist on the Clear Web, not on the so-called Dark Web. To access sites on the Dark Web you must use a special network, known as Tor, typically using a special browser known as the Tor Browser. When a user tries to access a website on the Dark Web, the Tor Browser does not request web pages directly. It chooses three random sites—known as nodes—through which to route the request. The first node knows the original sender, but not the ultimate destination. The second node knows neither the original source nor the ultimate destination—it recognizes only the first node and the third node. The third node knows the ultimate destination, but not the original sender. In this way, the sender and receiver can communicate with each other without either knowing the other’s identity.

The Dark Web is doubly anonymous. No one but the website owner knows its IP address. No one but the visitor knows that they are accessing the website. The Dark Web, therefore, tends to be used by political dissidents and cybercriminals—anyone who needs total anonymity. The Dark Web is legal to browse, but many of its websites offer services that are illegal to use. (Fun fact: the U.S. Navy created the Dark Web in the mid-1990s to enable their intelligence agents to communicate confidentially.)

It might be surprising that DDoS providers could advertise on the Clear Web. After all, DDoS-ing another website is illegal everywhere. In the United States, one violates the Computer Fraud and Abuse Act if one “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization,” where damage includes “any impairment to the . . . availability of data, a program, a system, or information.” To get around this, booter services have long argued they perform a legitimate “stressor” function, providing those who set up web pages a means to stress test websites. Indeed, booter services routinely include terms of service that prohibit attacks on unauthorized sites and disclaim all responsibility for any such attacks.

In theory, stressor sites play an important function. But only in theory. Private chats between VDoS and its customers indicated that they were not stressing their own websites. As a booter service provider admitted to Cambridge University researchers, “We do try to market these services towards a more legitimate user base, but we know where the money comes from.”

“Learn to code.” That three-word pejorative is perpetually on the lips and at the fingertips of internet trolls and tech bros whenever media layoffs are announced. A useless sentiment in its own right, but with the recent advent of code generating AIs, knowing the ins and outs of a programming language like Python could soon be about as useful as knowing how to fluently speak a dead language like Sanskrit. In fact, these genAIs are already helping professional software developers code faster and more effectively by handling much of the programming grunt work.

How coding works

Two of today’s most widely distributed and written coding languages are Java and Python. The former almost single handedly revolutionized cross-platform operation when it was released in the mid-’90s and now drives “everything from smartcards to space vehicles,” according to Java Magazine in 2020 — not to mention Wikipedia’s search function and all of Minecraft. The latter actually predates Java by a few years and serves as the code basis for many modern apps like Dropbox, Spotify and Instagram.

They differ significantly in their operation in that Java needs to be compiled (having its human-readable code translated into computer-executable machine code) before it can run, while Python is an interpreted language which means that its human code is converted into machine code line-by-line as the program executes, enabling it to run without first being compiled. The interpretation method allows code to be more easily written for multiple platforms while compiled code tends to be focused to a specific processor type. Regardless of how they run, the actual code-writing process is nearly identical between the two: somebody has to sit down, crack open a text editor or Integrated Development Environment (IDE) and actually write out all those lines of instruction. And up until recently, that somebody typically was a human.

The “classical programming” writing process of today isn’t that different from the process those of ENIAC, with a software engineer taking a problem, breaking it down into a series of sub-problems, writing code to solve each of those sub-problems in order, and then repeatedly debugging and recompiling the code until it runs. “Automatic programming,” on the other hand, removes the programmer by a degree of separation. Instead of a human writing each line of code individually, the person creates a high-level abstraction of the task for the computer to then generate low level code to address. This differs from “interactive” programming, which allows you to code a program while it is already running.

Today’s conversational AI coding systems, like what we see in Github’s Copilot or OpenAI’s ChatGPT, remove the programmer even further by hiding the coding process behind a veneer of natural language. The programmer tells the AI what they want programmed and how, and the machine can automatically generate the required code.

Building the tools to build the tools allowing any tool to build tools

Among the first of this new breed of conversational coding AIs was Codex, which was developed by OpenAI and released in late 2021. OpenAI had already implemented GPT-3 (precursor to GPT-3.5 that powers BingChat public) by this point, the large language model remarkably adept at mimicking human speech and writing after being trained on billions of words from the public web. The company then fine-tuned that model using 100-plus gigabytes of GitHub data to create Codex. It is capable of generating code in 12 different languages and can translate existing programs between them.

Codex is adept at generating small, simple or repeatable assets, like “a big red button that briefly shakes the screen when clicked” or regular functions like the email address validator on a Google Web Form. But no matter how prolific your prose, you won’t be using it for complex projects like coding a server-side load balancing program — it’s just too complicated an ask.

Google’s DeepMind developed AlphaCode specifically to address such challenges. Like Codex, AlphaCode was first trained on multiple gigabytes of existing GitHub code archives, but was then fed thousands of coding challenges pulled from online programming competitions, like figuring out how many binary strings with a given length don’t contain consecutive zeroes.

To do this, AlphaCode will generate as many as a million code candidates, then reject all but the top 1 percent to pass its test cases. The system will then group the remaining programs based on the similarity of their outputs and sequentially test them until it finds a candidate that successfully solves the given problem. Per a 2022 study published in Science, AlphaCode managed to correctly answer those challenge questions 34 percent of the time (compared to Codex’s single-digit success on the same benchmarks, that’s not bad). DeepMind even entered AlphaCode in a 5,000-competitor online programming contest, where it surpassed nearly 46 percent of the human competitors.

Now even the AI has notes

Just as GPT-3.5 serves as a foundational model for ChatGPT, Codex serves as the basis for GitHub’s Copilot AI. Trained on billions of lines of code assembled from the public web, Copilot offers cloud-based AI-assisted coding autocomplete features through a subscription plugin for the Visual Studio Code, Visual Studio, Neovim, and JetBrains integrated development environments (IDEs).

Initially released as a developer’s preview in June of 2021, Copilot was among the very first coding capable AIs to reach the market. More than a million devs have leveraged the system in the two years since, GitHub's VP of Product Ryan J Salva, told Engadget during a recent interview. With Copilot, users can generate runnable code from natural language text inputs as well as autocomplete commonly repeated code sections and programming functions.

Salva notes that prior to Copilot’s release, GitHub’s previous machine-generated coding suggestions were only accepted by users 14 - 17 percent of the time, “which is fine. It means it was helping developers along.” In the two years since Copilot’s debut, that figure has grown to 35 percent, “and that's netting out to just under half of the amount of code being written [on GitHub] — 46 percent by AI to be exact.”

“[It’s] not a matter of just percentage of code written,” Salva clarified. “It's really about the productivity, the focus, the satisfaction of the developers who are creating.”

As with the outputs of natural language generators like ChatGPT, the code coming from Copilot is largely legible, but like any large language model trained on the open internet, GitHub made sure to incorporate additional safeguards against the system unintentionally producing exploitable code.

“Between when the model produces a suggestion and when that suggestion is presented to the developer,” Salva said, “we at runtime perform … a code quality analysis for the developer, looking for common errors or vulnerabilities in the code like cross-site scripting or path injection.”

That auditing step is meant to improve the quality of recommended code over time rather than monitor or police what the code might be used for. Copilot can help developers create the code that makes up malware, the system won’t prevent it. “We've taken the position that Copilot is there as a tool to help developers produce code,” Salva said, pointing to the numerous White Hat applications for such a system. “Putting a tool like Copilot in their hands … makes them more capable security researchers,” he continued.

As the technology continues to develop, Salva sees generative AI coding to expand far beyond its current technological bounds. That includes “taking a big bet” on conversational AI. “We also see AI-assisted development really percolating up into other parts of the software development life cycle,” he said, like using AI to autonomously repair a CI/CD build errors, patch security vulnerabilities, or have the AI review human-written code.

“Just as we use compilers to produce machine-level code today, I do think they'll eventually get to another layer of abstraction with AI that allows developers to express themselves in a different language,” Salva said. “Maybe it's natural language like English or French, or Korean. And that then gets ‘compiled down’ to something that the machines can understand,” freeing up engineers and developers to focus on the overall growth of the project rather than the nuts and bolts of its construction.

From coders to gabbers

With human decision-making still firmly wedged within the AI programming loop, at least for now, we have little to fear from having software writing software. As Salva noted, computers already do this to a degree when compiling code, and digital gray goos have yet to take over because of it. Instead, the most immediate challenges facing programming AI mirror those of generative AI in general: inherent biases skewing training data, model outputs that violate copyright, and concerns surrounding user data privacy when it comes to training large language models.

GitHub is far from alone in its efforts to build an AI programming buddy. OpenAI’s ChatGPT is capable of generating code — as are the already countless indie variants being built atop the GPT platform. So too is Amazon’s AWS CodeWhisperer system, which provides much of the same autocomplete functionality as Copilot, but optimized for use within the AWS framework. After multiple requests from users, Google incorporated code generation and debugging capabilities into Bard this past April as well, ahead of its ecosystem-wide pivot to embrace AI at I/O 2023 and the release of Codey, Alphabet’s answer to Copilot. We can’t be sure yet what generative coding systems will eventually become or how it might impact the tech industry — we could be looking at the earliest iterations of a transformative democratizing technology, or it could be Clippy for a new generation.

At the start of the month, Facebook's parent company Meta announced via blog post its intent to remove availability of its news service from FB and Instagram users in Canada should the Canadian government pass the Online News Act. That bill passed on Thursday and, within hours, Meta responded by making good on its threat.

"Today, we are confirming that news availability will be ended on Facebook and Instagram for all users in Canada prior to the Online News Act (Bill C-18) taking effect," the company posted. "We have repeatedly shared that in order to comply with Bill C-18, passed today in Parliament, content from news outlets, including news publishers and broadcasters, will no longer be available to people accessing our platforms in Canada"

This is a developing story. Please check back for updates.

The human hand is a marvel of evolutionary development, offering 27 degrees of freedom and unrivaled touch sensitivity. But it's the same aspects that make our hands so, well, handy, that also make them an absolute nightmare to recreate robotically. That's why one team of researchers has abandoned human-derived gripper design in favor of woodlice.

Look, at least they're not the desiccated and re-inflated tarantula corpses that a team of Rice University researchers created in 2022. Those manipulators were a novel proof of concept in that they exploited the natural mechanisms spiders use for locomotion — specifically that their limbs move through a combination of fluid pressure and flexor muscles, rather than the antagonistic pairs that mammals have — though the system was really only good for as long as the corpses held together. 

Tohoku University via NewScientist

The new system designed by Dr. Josephine Galipon and her team at Japan's Tohoku University builds on the earlier work with "necrobotic" spiders but relies on bugs that are still alive. "To our knowledge, there is no prior example of whole living organisms being used as end effectors for robotic arms, which we propose here," Galipon points out in Biological Organisms as End Effectors. The team relies on both captured woodlice (aka rolly-pollies) and captive chitons (small marine mollusks) to temporarily serve as a robot's hands.

They first 3D printed tiny seats for the animals to sit on at the end of the robot's manipulator arm, then set the woodlice and chitons to task, picking up tufts of cotton and submerged cork, respectively. The results were about as promising as one could really hope for: the woodlice futzed around with the cotton for about two minutes before losing interest, while the chiton's grabbed hold of their prizes and had to be actively separated from them. Still, the fact that the chiton got a grip at all was promising, given existing difficulties in using suction cups and similar mechanical methods underwater. Granted, much more work needs to be completed before these early concepts can even potentially be adapted into functional and efficient robotics systems.

The team's work also raises ethical questions about the test animals' welfare, such as whether they are being forced to perform against their will and how such motivations are delivered. “Especially for sentient animals, we would like to establish a kind of mutual interaction with a cooperative relationship,” Galipon told New Scintist. “It’s a little bit different from domestication, but just a cooperation, where the animal can then go about its day." To be fair, it's certainly less invasive than your average cyborg cockroach research.

While lawmakers in Congress (and soon, the Senate) call for a "blue-ribbon commission" to study the potential impacts of AI on American society, President Biden on Tuesday met with leaders in the emerging field to discuss and debate the issue directly. The President met with Tristan Harris, executive director of the Center for Human Technology; Fei-Fei Li, Co-Director of Stanford’s Human-Centered AI Institute; and Jennifer Doudna, Professor of Chemistry at UC Berkeley, among others, at the Fairmont hotel in San Francisco.

Staying atop the growing swell of AI technology advancements in recent months and years, specifically the emergence of generative AI systems, has become a focal point for the Biden administration. Generative AI systems hold the promise to revolutionize many sectors of the economy and drastically reimagine the nature of modern office work. However, those same systems could just as likely wipe out entire professions, as the fields of digital art and journalism are now experiencing. 

The White House announced a $140 million investment in May to establish seven new National AI Research Institutes and has begun investigating the technology's use in business. As the White House chief of staff's office told AP, top White House staff meet regularly on the subject, two to three times each week. Biden himself has reportedly met with multiple subject matter experts and technical advisors on the subject to discuss, "the importance of protecting rights and safety to ensure responsible innovation and appropriate safeguards."