Enlarge / An AI-generated image from DALL-E 2 created with the prompt "A painting by Grant Wood of an astronaut couple, american gothic style." (credit: AI Pictures That Go Hard / X)

When OpenAI's DALL-E 2 debuted on April 6, 2022, the idea that a computer could create relatively photorealistic images on demand based on just text descriptions caught a lot of people off guard. The launch began an innovative and tumultuous period in AI history, marked by a sense of wonder and a polarizing ethical debate that reverberates in the AI space to this day.

Last week, OpenAI turned off the ability for new customers to purchase generation credits for the web version of DALL-E 2, effectively killing it. From a technological point of view, it's not too surprising that OpenAI recently began winding down support for the service. The 2-year-old image generation model was groundbreaking for its time, but it has since been surpassed by DALL-E 3's higher level of detail, and OpenAI has recently begun rolling out DALL-E 3 editing capabilities.

But for a tight-knit group of artists and tech enthusiasts who were there at the start of DALL-E 2, the service's sunset marks the bittersweet end of a period where AI technology briefly felt like a magical portal to boundless creativity. "The arrival of DALL-E 2 was truly mind-blowing," illustrator Douglas Bonneville told Ars in an interview. "There was an exhilarating sense of unlimited freedom in those first days that we all suspected AI was going to unleash. It felt like a liberation from something into something else, but it was never clear exactly what."

Enlarge (credit: Getty Images)

It's easy to get the impression that Discord chat messages are ephemeral, especially across different public servers, where lines fly upward at a near-unreadable pace. But someone claims to be catching and compiling that data and is offering packages that can track more than 600 million users across more than 14,000 servers.

Joseph Cox at 404 Media confirmed that Spy Pet, a service that sells access to a database of purportedly 3 billion Discord messages, offers data "credits" to customers who pay in bitcoin, ethereum, or other cryptocurrency. Searching individual users will reveal the servers that Spy Pet can track them across, a raw and exportable table of their messages, and connected accounts, such as GitHub. Ominously, Spy Pet lists more than 86,000 other servers in which it has "no bots," but "we know it exists."

• 

  An example of Spy Pet's service from its website. Shown are a user's nicknames, connected accounts, banner image, server memberships, and messages across those servers tracked by Spy Pet. [credit: Spy Pet ]

As Cox notes, Discord doesn't make messages inside server channels, like blog posts or unlocked social media feeds, easy to publicly access and search. But many Discord users many not expect their messages, server memberships, bans, or other data to be grabbed by a bot, compiled, and sold to anybody wishing to pin them all on a particular user. 404 Media confirmed the service's function with multiple user examples. Private messages are not mentioned by Spy Pet and are presumably still secure.

Enlarge (credit: Getty | YinYang)

In a disturbing sign of the times, Medicare this week implemented a change to its claims-processing system that adds two extra digits to money amounts, expanding the fields from eight digits to 10. The change now allows for billing and payment totals of up to $99,999,999.99, or a penny shy of $100 million.

In a notice released last month, the Centers for Medicare & Medicaid Services (CMS) explained the change, writing, "With the increase of Part B procedures/treatments exceeding the $999,999.99 limitation, CMS is implementing the expansion of display screens for monetary amount fields related to billing and payment within [the Fiscal Intermediary Shared System (FISS)] to accept and process up to 10 digits ($99,999,999.99)."

The FISS is the processing system used by hospitals and doctors' offices to process Medicare claims.

Enlarge (credit: Getty Images)

Voice synthesis has come a long way since 1978's Speak & Spell toy, which once wowed people with its state-of-the-art ability to read words aloud using an electronic voice. Now, using deep-learning AI models, software can create not only realistic-sounding voices, but also convincingly imitate existing voices using small samples of audio.

Along those lines, OpenAI just announced Voice Engine, a text-to-speech AI model for creating synthetic voices based on a 15-second segment of recorded audio. It has provided audio samples of the Voice Engine in action on its website.

Once a voice is cloned, a user can input text into the Voice Engine and get an AI-generated voice result. But OpenAI is not ready to widely release its technology yet. The company initially planned to launch a pilot program for developers to sign up for the Voice Engine API earlier this month. But after more consideration about ethical implications, the company decided to scale back its ambitions for now.

Enlarge (credit: Busà Photography | Moment Unreleased)

OpenAI is now boldly claiming that The New York Times "paid someone to hack OpenAI’s products" like ChatGPT to "set up" a lawsuit against the leading AI maker.

In a court filing Monday, OpenAI alleged that "100 examples in which some version of OpenAI’s GPT-4 model supposedly generated several paragraphs of Times content as outputs in response to user prompts" do not reflect how normal people use ChatGPT.

Instead, it allegedly took The Times "tens of thousands of attempts to generate" these supposedly "highly anomalous results" by "targeting and exploiting a bug" that OpenAI claims it is now "committed to addressing."

Enlarge (credit: Jakub Porzycki/NurPhoto via Getty Images)

Reddit filed to go public on Thursday (PDF), revealing various details of the social media company's inner workings. Among the revelations, Reddit acknowledged the threat of future user protests and the value of third-party Reddit apps.

On July 1, Reddit enacted API rule changes—including new, expensive pricing —that resulted in many third-party Reddit apps closing. Disturbed by the changes, the timeline of the changes, and concerns that Reddit wasn’t properly appreciating third-party app developers and moderators, thousands of Reddit users protested by making the subreddits they moderate private, read-only, and/or engaging in other forms of protest, such as only discussing John Oliver or porn.

Protests went on for weeks and, at their onset, crashed Reddit for three hours. At the time, Reddit CEO Steve Huffman said the protests did not have “any significant revenue impact so far.”

Enlarge (credit: Getty)

Last year, Reddit sparked massive controversy when it dramatically changed the prices and rules associated with accessing its API. The changes were so drastic and polarizing that they led to an epic protest from Reddit users and moderators that saw thousands of subreddits going private and engaging in other forms of inconvenience for weeks. Things got ugly, but Reddit still ushered in the changes, resulting in mounds of third-party Reddit apps announcing their permanent closure.

It's been about seven months since the changes, so I wanted to see what Reddit's third-party app ecosystem looks like now. Are surviving third-party Reddit apps that started charging users making money? Are developers confident they'll be able to keep their apps open for the long term?

And some apps are still available despite not charging a subscription fee. How is that possible?

Enlarge (credit: Getty Images | NurPhoto )

One year after Meta sued a data-scraping company, a federal judge this week threw out Meta's breach-of-contract claim because the defendant obtained only public data from Facebook and Instagram.

Meta sued Bright Data in January 2023, making claims of breach of contract and tortious interference with contract. Bright Data is an Israeli company that collects data from various websites and offers related products to businesses.

"Bright Data concedes that it was bound to Meta's Terms while it had Facebook and Instagram accounts, and that it sells data collected from Facebook and Instagram," US District Judge Edward Chen wrote in a ruling issued Tuesday. "However, even viewing the evidence in the light most favorable to the non-moving party (Meta)... the Facebook and Instagram Terms do not bar logged-off scraping of public data; perforce it does not prohibit the sale of such public data. Therefore, the Terms cannot bar Bright Data's logged-off scraping activities."

Enlarge (credit: Getty Images)

Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they're in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud and other sensitive environments.

Terrapin, as the vulnerability has been named, came to light two weeks ago in a research paper published by academic researchers. Tracked as CVE-2023-48795, the attack the researchers devised works when attackers have an adversary-in-the-middle attack (also abbreviated as AitM and known as man-in-the-middle or MitM), such as when they’re positioned on the same local network and can secretly intercept communications and assume the identity of both the recipient and the sender.

In those instances, Terrapin allows attackers to alter or corrupt information transmitted in the SSH data stream during the handshake—the earliest connection stage, when the two parties negotiate the encryption parameters they will use to establish a secure connection. As such, Terrapin represents the first practical cryptographic attack targeting the integrity of the SSH protocol itself. It works by targeting BPP (Binary Packet Protocol), which is designed to ensure AitMs can’t add or drop messages exchanged during the handshake. This prefix truncation attack works when implementations support either the "ChaCha20-Poly1305" or "CBC with Encrypt-then-MAC," cipher modes, which, at the time the paper was published, was found in 77 percent of SSH servers.

Enlarge (credit: Getty Images)

On Monday at the OpenAI DevDay event, company CEO Sam Altman announced a major update to its GPT-4 language model called GPT-4 Turbo, which can process a much larger amount of text than GPT-4 and features a knowledge cutoff of April 2023. He also introduced APIs for DALL-E 3, GPT-4 Vision, and text-to-speech—and launched an "Assistants API" that makes it easier for developers to build assistive AI apps.

OpenAI hosted its first-ever developer event on November 6 in San Francisco called DevDay. During the opening keynote delivered by Altman in front of a small audience, the CEO showcased the wider impacts of its AI technology in the world, including helping people with tech accessibility. Altman shared some stats, saying that over 2 million developers are building apps using its APIs, over 92 percent of Fortune 500 companies are building on their platform, and that ChatGPT has over 100 million active weekly users.

At one point, Microsoft CEO Satya Nadella made a surprise appearance on the stage, talking with Altman about the deepening partnership between Microsoft and OpenAI and sharing some general thoughts about the future of the technology, which he thinks will empower people.

Enlarge (credit: Jonathan Gitlin)

Before last week, owners of certain Mazda vehicles who also had a Home Assistant setup could create some handy connections for their car.

One CX60 driver had a charger that would only power on when it confirmed his car was plugged in and would alert him if he left the trunk open. Another used Home Assistant to control their charger based on the dynamic prices of an Agile Octopus energy plan. Yet another had really thought it through, using Home Assistant to check the gas before their morning commute, alert them if their windows were down before rain was forecast, and remotely unlock and start the car in cold conditions. The possibilities were vast and purportedly beyond what Mazda's official app offered.

Mazda, however, had issues with the project, which was largely the free-time work of one software developer, Brandon Rothweiler. In a Digital Millennium Copyright Act (DMCA) notice sent to GitHub, Mazda (or an authorized agent) alleges that Rothweiler's integration:

Enlarge / The 23andMe logo displayed on a smartphone screen.

Genetic profiling service 23andMe has commenced an investigation after private user data was scraped off its website

Friday’s confirmation comes five days after an unknown entity took to an online crime forum to advertise the sale of private information for millions of 23andMe users. The forum posts claimed that the stolen data included origin estimation, phenotype, health information, photos, and identification data. The posts claimed that 23andMe’s CEO was aware the company had been “hacked” two months earlier and never revealed the incident. In a statement emailed after this post went live, a 23andMe representative said that "nothing they have posted publicly indicates they actually have any 'health information.' These are all unsubstantiated claims at this point."

23andMe officials on Friday confirmed that private data for some of its users is, in fact, up for sale. The cause of the leak, the officials said, is data scraping, a technique that essentially reassembles large amounts of data by systematically extracting smaller amounts of information available to individual users of a service. Attackers gained unauthorized access to the individual 23andMe accounts, all of which had been configured by the user to opt in to a DNA relative feature that allows them to find potential relatives.