microsoft – Page 6

US agencies to probe AI dominance of Nvidia, Microsoft, and OpenAI

microsoft, microsoft ai, NVIDIA, nvidia ai, openai, Policy / Mike M. / June 6, 2024

AI Antitrust —

DOJ to probe Nvidia while FTC takes lead in investigating Microsoft and OpenAI.

Jon Brodkin – Jun 6, 2024 6: 34 pm UTC

Enlarge / Nvidia logo at Impact 2024 event in Poznan, Poland on May 16, 2024.

Getty Images | NurPhoto

The US Justice Department and Federal Trade Commission reportedly plan investigations into whether Nvidia, Microsoft, and OpenAI are snuffing out competition in artificial intelligence technology.

The agencies struck a deal on how to divide up the investigations, The New York Times reported yesterday. Under this deal, the Justice Department will take the lead role in investigating Nvidia’s behavior while the FTC will take the lead in investigating Microsoft and OpenAI.

The agencies’ agreement “allows them to proceed with antitrust investigations into the dominant roles that Microsoft, OpenAI, and Nvidia play in the artificial intelligence industry, in the strongest sign of how regulatory scrutiny into the powerful technology has escalated,” the NYT wrote.

One potential area of investigation is Nvidia’s chip dominance, “including how the company’s software locks customers into using its chips, as well as how Nvidia distributes those chips to customers,” the report said. An Nvidia spokesperson declined to comment when contacted by Ars today.

High-end GPUs are “scarce,” antitrust chief says

Jonathan Kanter, the assistant attorney general in charge of the DOJ’s antitrust division, discussed the agency’s plans in an interview with the Financial Times this week. Kanter said the DOJ is examining “monopoly choke points and the competitive landscape” in AI.

The DOJ’s examination of the sector encompasses “everything from computing power and the data used to train large language models, to cloud service providers, engineering talent and access to essential hardware such as graphics processing unit chips,” the FT wrote.

Kanter said regulators are worried that AI is “at the high-water mark of competition, not the floor” and want to take action before smaller competitors are shut out of the market. The GPUs needed to train large language models are a “scarce resource,” he was quoted as saying.

“Sometimes the most meaningful intervention is when the intervention is in real time,” Kanter told the Financial Times. “The beauty of that is you can be less invasive.”

Microsoft deal scrutinized

The FTC is scrutinizing Microsoft over a March 2024 move in which it hired the CEO of artificial intelligence startup Inflection and most of the company’s staff and paid Inflection $650 million as part of a licensing deal to resell its technology. The FTC is investigating whether Microsoft structured the deal “to avoid a government antitrust review of the transaction,” The Wall Street Journal reported today.

“Companies are required to report acquisitions valued at more than $119 million to federal antitrust-enforcement agencies, which have the option to investigate a deal’s impact on competition,” the WSJ wrote. The FTC reportedly sent subpoenas to Microsoft and Inflection in an attempt “to determine whether Microsoft crafted a deal that would give it control of Inflection but also dodge FTC review of the transaction.”

Inflection built a large language model and a chatbot called Pi. Former Inflection employees are now working on Microsoft’s Copilot chatbot.

“If the agency finds that Microsoft should have reported and sought government review of its deal with Inflection, the FTC could bring an enforcement action against Microsoft,” the WSJ report said. “Officials could ask a court to fine Microsoft and suspend the transaction while the FTC conducts a full-scale investigation of the deal’s impact on competition.”

Microsoft told the WSJ that it complied with antitrust laws, that Inflection continues to operate independently, and that the deals gave Microsoft “the opportunity to recruit individuals at Inflection AI and build a team capable of accelerating Microsoft Copilot.”

OpenAI

Microsoft’s investment in OpenAI has also faced regulatory scrutiny, particularly in Europe. Microsoft has a profit-sharing agreement with OpenAI.

Microsoft President Brad Smith defended the partnership in comments to the Financial Times this week. “The partnerships that we’re pursuing have demonstrably added competition to the marketplace,” Smith was quoted as saying. “I might argue that Microsoft’s partnership with OpenAI has created this new AI market,” and that OpenAI “would not have been able to train or deploy its models” without Microsoft’s help, he said.

We contacted OpenAI today and will update this article if it provides any comment.

In January 2024, the FTC launched an inquiry into AI-related investments and partnerships involving Alphabet, Amazon, Anthropic, Microsoft, and OpenAI.

The FTC also started a separate investigation into OpenAI last year. A civil investigative demand sent to OpenAI focused on potentially unfair or deceptive privacy and data security practices, and “risks of harm to consumers, including reputational harm.” The probe focused partly on “generation of harmful or misleading content.”

US agencies to probe AI dominance of Nvidia, Microsoft, and OpenAI Read More »

Microsoft to test “new features and more” for aging, stubbornly popular Windows 10

microsoft, Tech, Windows 10, windows 10 22h2, Windows 11, windows insider / Mike M. / June 5, 2024

but the clock is still ticking —

Support ends next year, but Windows 10 remains the most-used version of the OS.

Andrew Cunningham – Jun 5, 2024 12: 50 pm UTC

In October 2025, Microsoft will stop supporting Windows 10 for most PC users, which means no more technical support and (crucially) no more security updates unless you decide to pay for them. To encourage adoption, the vast majority of new Windows development is happening in Windows 11, which will get one of its biggest updates since release sometime this fall.

But Windows 10 is casting a long shadow. It remains the most-used version of Windows by all publicly available metrics, including Statcounter (where Windows 11’s growth has been largely stagnant all year) and the Steam Hardware Survey. And last November, Microsoft decided to release a fairly major batch of Windows 10 updates that introduced the Copilot chatbot and other changes to the aging operating system.

That may not be the end of the road. Microsoft has announced that it is reopening a Windows Insider Beta Channel for PCs still running Windows 10, which will be used to test “new features and more improvements to Windows 10 as needed.” Users can opt into the Windows 10 Beta Channel regardless of whether their PC meets the requirements for Windows 11; if your PC is compatible, signing up for the less-stable Dev or Canary channels will still upgrade your PC to Windows 11.

Any new Windows 10 features that are released will be added to Windows 10 22H2, the operating system’s last major yearly update. Per usual for Windows Insider builds, Microsoft may choose not to release all new features that it tests, and new features will be released for the public version of Windows 10 “when they’re ready.”

One thing this new beta program doesn’t change is the end-of-support date for Windows 10, which Microsoft says is still October 14, 2025. Microsoft says that joining the beta program doesn’t extend support. The only way to continue getting Windows 10 security updates past 2025 is to pay for the Extended Security Updates (ESU) program; Microsoft plans to offer these updates to individual users but still hasn’t announced pricing for individuals. Businesses will pay as much as $61 per PC for the first year of updates, while schools will pay as little as $1 per PC.

Beta program or no, we still wouldn’t expect Windows 10 to change dramatically between now and its end-of-support date. We’d guess that most changes will relate to the Copilot assistant, given how aggressively Microsoft has moved to add generative AI to all of its products. For example, the Windows 11 version of Copilot is shedding its “preview” tag and becoming an app that runs in a regular window rather than a persistent sidebar, changes Microsoft could also choose to implement in Windows 10.

Microsoft to test “new features and more” for aging, stubbornly popular Windows 10 Read More »

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned

AI, copilot, copilot+ PC, Features, microsoft, NPU, Tech, Windows, Windows 11, windows 11 24h2 / Mike M. / June 4, 2024

Enlarge / The Recall feature as it currently exists in Windows 11 24H2 preview builds.

Andrew Cunningham

Microsoft’s Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That’s doubly true because Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between “potential security nightmare” and “actual security nightmare” is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows’ disk encryption technologies, which are generally on by default if you’ve signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user’s Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites to exclude from Recall’s snapshots.

This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

“Fundamentally breaks the promise of security in Windows”

Enlarge / This is Recall, as seen on a PC running a preview build of Windows 11 24H2. It takes and saves periodic screenshots, which can then be searched for and viewed in various ways.

Andrew Cunningham

Security researcher Kevin Beaumont, first in a thread on Mastodon and later in a more detailed blog post, has written about some of the potential implementation issues after enabling Recall on an unsupported system (which is currently the only way to try Recall since Copilot+ PCs that officially support the feature won’t ship until later this month). We’ve also given this early version of Recall a try on a Windows Dev Kit 2023, which we’ve used for all our recent Windows-on-Arm testing, and we’ve independently verified Beaumont’s claims about how easy it is to find and view raw Recall data once you have access to a user’s PC.

To test Recall yourself, developer and Windows enthusiast Albacore has published a tool called AmperageKit that will enable it on Arm-based Windows PCs running Windows 11 24H2 build 26100.712 (the build currently available in the Windows Insider Release Preview channel). Other Windows 11 24H2 versions are missing the underlying code necessary to enable Recall.

Windows uses OCR on all the text in all the screenshots it takes. That text is also saved to an SQLite database to facilitate faster searches.

Andrew Cunningham
Searching for “iCloud,” for example, brings up every single screenshot with the word “iCloud” in it, including the app itself and its entry in the Microsoft Store. If I had visited websites that mentioned it, they would show up here, too.

Andrew Cunningham

The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work. Beaumont says “several days” of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC’s native resolution, minus the taskbar area).

Recall works locally thanks to Azure AI code that runs on your device, and it works without Internet connectivity and without a Microsoft account. Data is encrypted at rest, sort of, at least insofar as your entire drive is generally encrypted when your PC is either signed into a Microsoft account or has Bitlocker turned on. But in its current form, Beaumont says Recall has “gaps you can drive a plane through” that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system.

Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned Read More »

Bing outage shows just how little competition Google search really has

AI, ai overview, Bing, Biz & IT, chatgpt, duckduckgo, ecosia, gby, Google, kagi, microsoft, mojeek, reddit, right dao, search, stract, Tech, yandex, yep / Paul Patrick / May 25, 2024

Searching for new search —

Opinion: Actively searching without Google or Bing is harder than it looks.

Kevin Purdy – May 23, 2024 8: 01 pm UTC

Getty Images

Bing, Microsoft’s search engine platform, went down in the very early morning today. That meant that searches from Microsoft’s Edge browsers that had yet to change their default providers didn’t work. It also meant that services relying on Bing’s search API—Microsoft’s own Copilot, ChatGPT search, Yahoo, Ecosia, and DuckDuckGo—similarly failed.

Services were largely restored by the morning Eastern work hours, but the timing feels apt, concerning, or some combination of the two. Google, the consistently dominating search platform, just last week announced and debuted AI Overviews as a default addition to all searches. If you don’t want an AI response but still want to use Google, you can hunt down the new “Web” option in a menu, or you can, per Ernie Smith, tack “&udm=14” onto your search or use Smith’s own “Konami code” shortcut page.

If dismay about AI’s hallucinations, power draw, or pizza recipes concern you—along with perhaps broader Google issues involving privacy, tracking, news, SEO, or monopoly power—most of your other major options were brought down by a single API outage this morning. Moving past that kind of single point of vulnerability will take some work, both by the industry and by you, the person wondering if there’s a real alternative.

Search engine market share, as measured by StatCounter, April 2023–April 2024.

StatCounter

Upward of a billion dollars a year

The overwhelming majority of search tools offering an “alternative” to Google are using Google, Bing, or Yandex, the three major search engines that maintain massive global indexes. Yandex, being based in Russia, is a non-starter for many people around the world at the moment. Bing offers its services widely, most notably to DuckDuckGo, but its ad-based revenue model and privacy particulars have caused some friction there in the past. Before his company was able to block more of Microsoft’s own tracking scripts, DuckDuckGo CEO and founder Gabriel Weinberg explained in a Reddit reply why firms like his weren’t going the full DIY route:

… [W]e source most of our traditional links and images privately from Bing … Really only two companies (Google and Microsoft) have a high-quality global web link index (because I believe it costs upwards of a billion dollars a year to do), and so literally every other global search engine needs to bootstrap with one or both of them to provide a mainstream search product. The same is true for maps btw — only the biggest companies can similarly afford to put satellites up and send ground cars to take streetview pictures of every neighborhood.

Bing makes Microsoft money, if not quite profit yet. It’s in Microsoft’s interest to keep its search index stocked and API open, even if its focus is almost entirely on its own AI chatbot version of Bing. Yet if Microsoft decided to pull API access, or it became unreliable, Google’s default position gets even stronger. What would non-conformists have to choose from then?

Bing outage shows just how little competition Google search really has Read More »

Gordon Bell, an architect of our digital age, dies at age 89

DEC, Digital Equipment Corporation, Gordon Bell, microsoft, Obituaries, obituary, retrotech, Tech, tech legend, VAX / Kris Guyer / May 21, 2024

the great memory register in the sky —

Bell architected DEC’s VAX minicomputers, championed computer history, mentored at Microsoft.

Benj Edwards – May 21, 2024 6: 53 pm UTC

Enlarge / A photo of Gordon Bell speaking at the annual PC Forum in Palm Springs, California, March 1989.

Computer pioneer Gordon Bell, who as an early employee of Digital Equipment Corporation (DEC) played a key role in the development of several influential minicomputer systems and also co-founded the first major computer museum, passed away on Friday, according to Bell Labs veteran John Mashey. Mashey announced Bell’s passing in a social media post on Tuesday morning.

“I am very sad to report [the] death May 17 at age 89 of Gordon Bell, famous computer pioneer, a founder of Computer Museum in Boston, and a force behind the @ComputerHistory here in Silicon Valley, and good friend since the 1980s,” wrote Mashey in his announcement. “He succumbed to aspiration pneumonia in Coronado, CA.”

Bell was a pivotal figure in the history of computing and a notable champion of tech history, having founded Boston’s Computer Museum in 1979 that later became the heart of Computer History Museum in Mountain View, with his wife Gwen Bell. He was also the namesake of the ACM’s prestigious Gordon Bell Prize, created to spur innovations in parallel processing.

Born in 1934 in Kirksville, Missouri, Gordon Bell earned degrees in electrical engineering from MIT before being recruited in 1960 by DEC founders Ken Olsen and Harlan Anderson. As the second computer engineer hired at DEC, Bell worked on various components for the PDP-1 system, including floating-point subroutines, tape controllers, and a drum controller.

Bell also invented the first UART (Universal Asynchronous Receiver-Transmitter) for serial communication during his time at DEC. He went on to architect several influential DEC systems, including the PDP-4 and PDP-6. In the 1970s, he played a key role in overseeing the aforementioned VAX minicomputer line as the engineering manager, with Bill Strecker serving as the primary architect for the VAX architecture.

After retiring from DEC in 1983, Bell remained active as an entrepreneur, policy adviser, and researcher. He co-founded Encore Computer and helped establish the NSF’s Computing and Information Science and Engineering Directorate.

In 1995, Bell joined Microsoft Research where he studied telepresence technologies and served as the subject of the MyLifeBits life-logging project. The initiative aimed to realize Vannevar Bush’s vision of a system that could store all the documents, photos, and audio a person experienced in their lifetime.

Bell was elected to the National Academy of Engineering, National Academy of Sciences, and American Academy of Arts and Sciences. He received the National Medal of Technology from President George H.W. Bush in 1991 and the IEEE’s John von Neumann medal in 1992.

“He was immeasurably helpful”

As news of Bell’s passing spread on social media Tuesday, industry veterans began sharing their memories and condolences. Former Microsoft CTO Ray Ozzie wrote, “I can’t adequately describe how much I loved Gordon and respected what he did for the industry. As a kid I first ran into him at Digital (I was then at DG) when he and Dave were working on VAX. So brilliant, so calm, so very upbeat and optimistic about what the future might hold.”

Ozzie also recalled Bell’s role as a helpful mentor. “The number of times Gordon and I met while at Microsoft – acting as a sounding board, helping me through challenges I was facing – is uncountable,” he wrote.

Former Windows VP Steven Sinofsky also paid tribute to Bell on X, writing, “He was immeasurably helpful at Microsoft where he was a founding advisor and later full time leader in Microsoft Research. He advised and supported countless researchers, projects, and product teams. He was always supportive and insightful beyond words. He never hesitated to provide insights and a few sparks at so many of the offsites that were so important to the evolution of Microsoft.”

“His memory is a blessing to so many,” wrote Sinofsky in his tweet memorializing Bell. “His impact on all of us in technology will be felt for generations. May he rest in peace.”

Gordon Bell, an architect of our digital age, dies at age 89 Read More »

Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away

Apple, Biz & IT, microsoft, return-to-office, spacex, work from home / Mike M. / May 14, 2024

The risk of RTO —

“It’s easier to manage a team that’s happy.”

Scharon Harding – May 14, 2024 2: 40 pm UTC

Someone holding a box with their belonging in an office

A study analyzing Apple, Microsoft, and SpaceX suggests that return to office (RTO) mandates can lead to a higher rate of employees, especially senior-level ones, leaving the company, often to work at competitors.

The study (PDF), published this month by University of Chicago and University of Michigan researchers and reported by The Washington Post on Sunday, says:

In this paper, we provide causal evidence that RTO mandates at three large tech companies—Microsoft, SpaceX, and Apple—had a negative effect on the tenure and seniority of their respective workforce. In particular, we find the strongest negative effects at the top of the respective distributions, implying a more pronounced exodus of relatively senior personnel.

The study looked at résumé data from People Data Labs and used “260 million résumés matched to company data.” It only examined three companies, but the report’s authors noted that Apple, Microsoft, and SpaceX represent 30 percent of the tech industry’s revenue and over 2 percent of the technology industry’s workforce. The three companies have also been influential in setting RTO standards beyond their own companies. Robert Ployhart, a professor of business administration and management at the University of South Carolina and scholar at the Academy of Management, told the Post that despite the study being limited to three companies, its conclusions are a broader reflection of the effects of RTO policies in the US.

“Taken together, our findings imply that return to office mandates can imply significant human capital costs in terms of output, productivity, innovation, and competitiveness for the companies that implement them,” the report reads.

For example, after Apple enacted its RTO mandate, which lets employees work at home part-time, the portion of its employee base considered senior-level decreased by 5 percentage points, according to the paper. Microsoft, which also enacted a hybrid RTO approach, saw a decline of 5 percentage points. SpaceX’s RTO mandate, meanwhile, requires workers to be in an office full time. Its share of senior-level employees fell 15 percentage points after the mandate, the study found.

“We find experienced employees impacted by these policies at major tech companies seek work elsewhere, taking some of the most valuable human capital investments and tools of productivity with them,” one of the report’s authors, Austin Wright, an assistant professor of public policy at the University of Chicago, told the Post.

Christopher Myers, associate professor of management and organization health at Johns Hopkins University, suggested to the Post that the departure of senior-level workers could be tied to the hurt morale that comes from RTO mandates, noting that “it’s easier to manage a team that’s happy.”

Debated topic

Since the lifting of COVID-19 restrictions, whether having employees return to work in an office is necessary or beneficial to companies is up for debate. An estimated 75 percent of tech companies in the US are considered “fully flexible,” per a 2023 report from Scoop. As noted by the Post, however, the US’s biggest metro areas have, on average, 51 percent office occupancy, per data from managed security services firm Kastle Systems, which says it analyzes “keycard, fob and KastlePresence app access data across 2,600 buildings and 41,000 businesses.”

Microsoft declined to comment on the report from University of Chicago and University of Michigan researchers, while SpaceX didn’t respond. Apple representative Josh Rosenstock told The Washington Post that the report drew “inaccurate conclusions” and “does not reflect the realities of our business.” He claimed that “attrition is at historically low levels.”

Yet some companies have struggled to make employees who have spent months successfully doing their jobs at home eager to return to the office. Dell, Amazon, Google, Meta, and JPMorgan Chase have tracked employee badge swipes to ensure employees are coming into the office as often as expected. Dell also started tracking VPN usage this week and has told workers who work remotely full time that they can’t get a promotion.

Some company leaders are adamant that remote work can disrupt a company’s ability to innovate. However, there’s research suggesting that RTO mandates aren’t beneficial to companies. A survey of 18,000 Americans released in March pointed to flexible work schedules helping mental health. And an analysis of 457 S&P 500 companies in February found RTO policies hurt employee morale and don’t increase company value.

Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away Read More »

Report: Microsoft to face antitrust case over Teams

antitrust, EU, microsoft, Policy, syndication, Teams / Rejus Almole / May 13, 2024

VS. —

Unbundling Teams from Office has apparently failed to impress EU regulators.

Javier Espinoza, Financial Times – May 13, 2024 2: 03 pm UTC

Brussels is set to issue new antitrust charges against Microsoft over concerns that the software giant is undermining rivals to its videoconferencing app Teams.

According to three people with knowledge of the move, the European Commission is pressing ahead with a formal charge sheet against the world’s most valuable listed tech company over concerns it is restricting competition in the sector.

Microsoft last month offered concessions as it sought to avoid regulatory action, including extending a plan to unbundle Teams from other software such as Office, not just in Europe but across the world.

However, people familiar with their thinking said EU officials were still concerned that the company did not go far enough to facilitate fairness in the market.

Rivals are concerned that Microsoft will make Teams run more compatibly than rival apps with its own software. Another concern is the lack of data portability, which makes it difficult for existing Teams users to switch to alternatives.

The commission’s move would represent an escalation of a case that dates back to 2020 after Slack, now owned by Salesforce, submitted a formal complaint over Microsoft’s Teams.

It also would end a decade-long truce between EU regulators and the US tech company, after a series of competition probes that ended in 2013. The EU then issued a 561 million euro fine against Microsoft for failure to comply with a decision over the bundling of the Internet Explorer browser with its Windows operating system.

Charges could come in the next few weeks, said the people familiar with the commission’s thinking. Rivals of Microsoft and the commission are meeting this week to discuss the case, in an indication that the charges are being prepared, the people said.

However, they warned that Microsoft could still offer last-minute concessions that would derail the EU’s case, or the commission might decide to delay or scrap the charges against the company.

Microsoft risks fines of up to 10 percent of its global annual turnover if found to have breached the EU competition law.

The company declined to comment but referred to an earlier statement that said it would “continue to engage with the commission, listen to concerns in the marketplace, and remain open to exploring pragmatic solutions that benefit both customers and developers in Europe.”

The commission declined to comment.

The move against Microsoft comes at a time of heightened scrutiny of its activities. The EU is also investigating whether the tech group’s $13 billion alliance with ChatGPT maker OpenAI breaks competition law.

Microsoft is also part of a handful of tech companies, including Google and Meta, caught as “gatekeepers” under the new Digital Markets Act, meaning it has special responsibilities when trading in Europe.

The tech company has also faced complaints from European cloud computing providers that are concerned that Microsoft is abusing its dominant position in the sector to force users to buy its products and squashing competition from smaller start-ups in Europe.

Report: Microsoft to face antitrust case over Teams Read More »

Microsoft launches AI chatbot for spies

AI, Biz & IT, chatgpt, chatgtp, machine learning, microsoft, openai, Policy, secret agents, spies, US government / Rejus Almole / May 8, 2024

Adventures in consequential confabulation —

Air-gapping GPT-4 model on secure network won’t prevent it from potentially making things up.

Benj Edwards – May 7, 2024 7: 22 pm UTC

A person using a computer with a computer screen reflected in their glasses.

Microsoft has introduced a GPT-4-based generative AI model designed specifically for US intelligence agencies that operates disconnected from the Internet, according to a Bloomberg report. This reportedly marks the first time Microsoft has deployed a major language model in a secure setting, designed to allow spy agencies to analyze top-secret information without connectivity risks—and to allow secure conversations with a chatbot similar to ChatGPT and Microsoft Copilot. But it may also mislead officials if not used properly due to inherent design limitations of AI language models.

GPT-4 is a large language model (LLM) created by OpenAI that attempts to predict the most likely tokens (fragments of encoded data) in a sequence. It can be used to craft computer code and analyze information. When configured as a chatbot (like ChatGPT), GPT-4 can power AI assistants that converse in a human-like manner. Microsoft has a license to use the technology as part of a deal in exchange for large investments it has made in OpenAI.

According to the report, the new AI service (which does not yet publicly have a name) addresses a growing interest among intelligence agencies to use generative AI for processing classified data, while mitigating risks of data breaches or hacking attempts. ChatGPT normally runs on cloud servers provided by Microsoft, which can introduce data leak and interception risks. Along those lines, the CIA announced its plan to create a ChatGPT-like service last year, but this Microsoft effort is reportedly a separate project.

William Chappell, Microsoft’s chief technology officer for strategic missions and technology, noted to Bloomberg that developing the new system involved 18 months of work to modify an AI supercomputer in Iowa. The modified GPT-4 model is designed to read files provided by its users but cannot access the open Internet. “This is the first time we’ve ever had an isolated version—when isolated means it’s not connected to the Internet—and it’s on a special network that’s only accessible by the US government,” Chappell told Bloomberg.

The new service was activated on Thursday and is now available to about 10,000 individuals in the intelligence community, ready for further testing by relevant agencies. It’s currently “answering questions,” according to Chappell.

One serious drawback of using GPT-4 to analyze important data is that it can potentially confabulate (make up) inaccurate summaries, draw inaccurate conclusions, or provide inaccurate information to its users. Since trained AI neural networks are not databases and operate on statistical probabilities, they make poor factual resources unless augmented with external access to information from another source using a technique such as retrieval augmented generation (RAG).

Given that limitation, it’s entirely possible that GPT-4 could potentially misinform or mislead America’s intelligence agencies if not used properly. We don’t know what oversight the system will have, any limitations on how it can or will be used, or how it can be audited for accuracy. We have reached out to Microsoft for comment.

Microsoft launches AI chatbot for spies Read More »

Microsoft shuts down Bethesda’s Hi-Fi Rush, Redfall studios

arkane, bethesda, gaming, hi-fi rush, microsoft, tango gameworks / Rejus Almole / May 7, 2024

Closing up shop —

Xbox maker wants to “prioritiz[e] high-impact titles” according to letter to staff.

Kyle Orland – May 7, 2024 3: 28 pm UTC

Artist's conception of Microsoft telling <em>Hi-Fi Rush</em> maker Tango Gameworks they no longer exist as a studio.” src=”https://cdn.arstechnica.net/wp-content/uploads/2024/05/hifirush-800×452.jpeg”></img><figcaption>
<p><a data-height=

Microsoft is shutting down four studios within its Bethesda Softworks subsidiary, according to a staff email obtained by IGN. The closures include Redfall developer Arkane Austin and Hi-Fi Rush studio Tango Gameworks. While some team members will be reassigned to other parts of the company, head of Xbox Game Studios Matt Booty said in a letter to staffers “that some of our colleagues will be leaving us.”

Tango Gameworks confirmed in a short social media message that “Hi-Fi Rush, along with Tango’s previous titles [like The Evil Within], will remain available and playable everywhere they are today.” But the closure of Arkane Austin means that “development will not continue on Redfall,” the company wrote in its own social media update. “Arkane Lyon will continue their focus on immersive experiences where they are hard at work on their upcoming project [Marvel’s Blade].”

In his note to staff, Booty said that [Redfall] “will remain online for players to enjoy and we will provide make-good offers to players who purchased the Hero DLC.”

Mobile-focused Alpha Dog Studios announced that its shutdown would lead to an August 7 closure of the servers for Mighty Doom. Players can request a refund for any in-game currency for that game, which will no longer be sold as of today. Roundhouse Studios, which formed in 2019 to help with development of Redfall, will be absorbed into Elder Scrolls Online studio Zenimax Online, according to Booty’s letter.

Doom studio id Software, Starfield studio Bethesda Game Studios, and Indiana Jones and The Great Circle studio Machine Games seem unaffected by today’s cuts.

A change in focus

Redfall was widely considered a failure inside and outside Microsoft.” height=”360″ src=”https://cdn.arstechnica.net/wp-content/uploads/2024/05/redfall-640×360.jpg” width=”640″>

Enlarge / Arkane Austin’s Redfall was widely considered a failure inside and outside Microsoft.

Arkane Austin

Arkane Austin’s sad fate is not too surprising given that Booty has publicly admitted that Redfall‘s troubled 2023 release was “a miss” for the company. The Tango Gameworks shutdown is more of a shock though, considering that Xbox Marketing VP Aaron Greenberg called Hi-Fi Rush “a breakout hit for us and our players in all key measurements and expectations” less than a year ago. “We couldn’t be happier with what the team at Tango Gameworks delivered with this surprise release,” he wrote at the time.

In his letter to staffers, Booty said the closures were “not a reflection of the creativity and skill of the talented individuals at these teams or the risks they took to try new things.” And while the changes will be “disruptive,” Booty said that they are “grounded in prioritizing high-impact titles and further investing in Bethesda’s portfolio of blockbuster games and beloved worlds which you have nurtured over many decades.”

The consolidation will allow Microsoft to “invest more deeply in our portfolio of games and new IP” and “create capacity to increase investment in other parts of our portfolio and focus on our priority games,” Booty continued.

“This is absolutely terrible,” Arkane Lyon Co-Creative Director Dinga Bakaba wrote in a scathing social media thread. “Permission to be human: to any executive reading this, friendly reminder that video games are an entertainment/cultural industry, and your business as a corporation is to take care of your artists/entertainers and help them create value for you.”

The Bethesda studio closures come just a few months after Microsoft laid off 1,900 employees in its 22,000 employee gaming division following the completion of its long-sought merger with Activision Blizzard.

Microsoft shuts down Bethesda’s Hi-Fi Rush, Redfall studios Read More »

Microsoft plans to lock down Windows DNS like never before. Here’s how.

Biz & IT, domain name system, microsoft, Security, Windows, ztdns / Paul Patrick / May 4, 2024

Translating human-readable domain names into numerical IP addresses has long been fraught with gaping security risks. After all, lookups are rarely end-to-end encrypted. The servers providing domain name lookups provide translations for virtually any IP address—even when they’re known to be malicious. And many end-user devices can easily be configured to stop using authorized lookup servers and instead use malicious ones.

Microsoft on Friday provided a peek at a comprehensive framework that aims to sort out the Domain Name System (DNS) mess so that it’s better locked down inside Windows networks. It’s called ZTDNS (zero trust DNS). Its two main features are (1) encrypted and cryptographically authenticated connections between end-user clients and DNS servers and (2) the ability for administrators to tightly restrict the domains these servers will resolve.

Clearing the minefield

One of the reasons DNS has been such a security minefield is that these two features can be mutually exclusive. Adding cryptographic authentication and encryption to DNS often obscures the visibility admins need to prevent user devices from connecting to malicious domains or detect anomalous behavior inside a network. As a result, DNS traffic is either sent in clear text or it’s encrypted in a way that allows admins to decrypt it in transit through what is essentially an adversary-in-the-middle attack.

Admins are left to choose between equally unappealing options: (1) route DNS traffic in clear text with no means for the server and client device to authenticate each other so malicious domains can be blocked and network monitoring is possible, or (2) encrypt and authenticate DNS traffic and do away with the domain control and network visibility.

ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.

Jake Williams, VP of research and development at consultancy Hunter Strategies, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis. The result, he said, is a mechanism that allows organizations to, in essence, tell clients “only use our DNS server, that uses TLS, and will only resolve certain domains.” Microsoft calls this DNS server or servers the “protective DNS server.”

By default, the firewall will deny resolutions to all domains except those enumerated in allow lists. A separate allow list will contain IP address subnets that clients need to run authorized software. Key to making this work at scale inside an organization with rapidly changing needs. Networking security expert Royce Williams (no relation to Jake Williams) called this a “sort of a bidirectional API for the firewall layer, so you can both trigger firewall actions (by input *tothe firewall), and trigger external actions based on firewall state (output *fromthe firewall). So instead of having to reinvent the firewall wheel if you are an AV vendor or whatever, you just hook into WFP.”

Microsoft plans to lock down Windows DNS like never before. Here’s how. Read More »

Microsoft ties executive pay to security following multiple failures and breaches

azure, Biz & IT, microsoft, midnight blizzard, security breach, storm-0558, Tech / Paul Patrick / May 4, 2024

lock it down —

Microsoft has been criticized for “preventable” failures and poor communication.

Andrew Cunningham – May 3, 2024 8: 25 pm UTC

It’s been a bad couple of years for Microsoft’s security and privacy efforts. Misconfigured endpoints, rogue security certificates, and weak passwords have all caused or risked the exposure of sensitive data, and Microsoft has been criticized by security researchers, US lawmakers, and regulatory agencies for how it has responded to and disclosed these threats.

The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft’s Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer’s account, which allowed Storm-0558 to collect data from 25 of Microsoft’s Azure customers, including US federal agencies.

In January, Microsoft disclosed that it had been breached again, this time by Russian state-sponsored hacking group Midnight Blizzard. The group was able “to compromise a legacy non-production test tenant account” to gain access to Microsoft’s systems for “as long as two months.”

All of this culminated in a report (PDF) from the US Cyber Safety Review Board, which castigated Microsoft for its “inadequate” security culture, its “inaccurate public statements,” and its response to “preventable” security breaches.

To attempt to turn things around, Microsoft announced something it called the “Secure Future Initiative” in November 2023. As part of that initiative, Microsoft today announced a series of plans and changes to its security practices, including a few changes that have already been made.

“We are making security our top priority at Microsoft, above all else—over all other features,” wrote Microsoft Security Executive Vice President Charlie Bell. “We’re expanding the scope of SFI, integrating the recent recommendations from the CSRB as well as our learnings from Midnight Blizzard to ensure that our cybersecurity approach remains robust and adaptive to the evolving threat landscape.”

As part of these changes, Microsoft will also make its Senior Leadership Team’s pay partially dependent on whether the company is “meeting our security plans and milestones,” though Bell didn’t specify how much executive pay would be dependent on meeting those security goals.

Microsoft’s post describes three security principles (“secure by design,” “secure by default,” and “secure operations”) and six “security pillars” meant to address different weaknesses in Microsoft’s systems and development practices. The company says it plans to secure 100 percent of all its user accounts with “securely managed, phishing-resistant multifactor authentication,” enforce least-privilege access across all applications and user accounts, improve network monitoring and isolation, and retain all system security logs for at least two years, among other promises. Microsoft is also planning to put new deputy Chief Information Security Officers on different engineering teams to track their progress and report back to the executive team and board of directors.

As for concrete fixes that Microsoft has already implemented, Bell writes that Microsoft has “implemented automatic enforcement of multifactor authentication by default across more than 1 million Microsoft Entra ID tenants within Microsoft,” removed 730,000 old and/or insecure apps “to date across production and corporate tenants,” expanded its security logging, and adopted the Common Weakness Enumeration (CWE) standard for its security disclosures.

In addition to Bell’s public security promises, The Verge has obtained and published an internal memo from Microsoft CEO Satya Nadella that re-emphasizes the company’s publicly stated commitment to security. Nadella also says that improving security should be prioritized over adding new features, something that may affect the constant stream of tweaks and changes that Microsoft releases for Windows 11 and other software.

“The recent findings by the Department of Homeland Security’s Cyber Safety Review Board (CSRB) regarding the Storm-0558 cyberattack, from summer 2023, underscore the severity of the threats facing our company and our customers, as well as our responsibility to defend against these increasingly sophisticated threat actors,” writes Nadella. “If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems.”

Microsoft ties executive pay to security following multiple failures and breaches Read More »

Email Microsoft didn’t want seen reveals rushed decision to invest in OpenAI

antitrust, Bill Gates, department of justice, Google, google antitrust trial, google monopoly trial, microsoft, openai, Policy, Satya Nadella, us v google / Mike M. / May 2, 2024

I’ve made a huge mistake —

Microsoft CTO made a “mistake” dismissing Google’s AI as a “game-playing stunt.”

Ashley Belanger – May 1, 2024 7: 05 pm UTC

In mid-June 2019, Microsoft co-founder Bill Gates and CEO Satya Nadella received a rude awakening in an email warning that Google had officially gotten too far ahead on AI and that Microsoft may never catch up without investing in OpenAI.

With the subject line “Thoughts on OpenAI,” the email came from Microsoft’s chief technology officer, Kevin Scott, who is also the company’s executive vice president of AI. In it, Scott said that he was “very, very worried” that he had made “a mistake” by dismissing Google’s initial AI efforts as a “game-playing stunt.”

It turned out, Scott suggested, that instead of goofing around, Google had been building critical AI infrastructure that was already paying off, according to a competitive analysis of Google’s products that Scott said showed that Google was competing even more effectively in search. Scott realized that while Google was already moving on to production for “larger scale, more interesting” AI models, it might take Microsoft “multiple years” before it could even attempt to compete with Google.

As just one example, Scott warned, “their auto-complete in Gmail, which is especially useful in the mobile app, is getting scarily good.”

Microsoft had tried to keep this internal email hidden, but late Tuesday it was made public as part of the US Justice Department’s antitrust trial over Google’s alleged search monopoly. The email was initially sealed because Microsoft argued that it contained confidential business information, but The New York Times intervened to get it unsealed, arguing that Microsoft’s privacy interests did not outweigh the need for public disclosure.

In an order unsealing the email among other documents requested by The Times, US District Judge Amit Mehta allowed to be redacted some of the “sensitive statements in the email concerning Microsoft’s business strategies that weigh against disclosure”—which included basically all of Scott’s “thoughts on OpenAI.” But other statements “should be disclosed because they shed light on Google’s defense concerning relative investments by Google and Microsoft in search,” Mehta wrote.

At the trial, Google sought to convince Mehta that Microsoft, for example, had failed to significantly invest in mobile early on, giving Google a competitive advantage in mobile search that it still enjoys today. Scott’s email seems to suggest that Microsoft was similarly dragging its feet on investing in AI until Scott’s wakeup call.

Nadella’s response to the email was immediate. He promptly forwarded the email to Microsoft’s chief financial officer, Amy Hood, on the same day that he received it. Scott’s “very good email,” Nadella told Hood, explained “why I want us to do this.” By “this,” Nadella presumably meant exploring investment opportunities in OpenAI.

Mere weeks later, Microsoft had invested $1 billion into OpenAI, and there have been billions more invested since through an extended partnership agreement. In 2024, the two companies’ finances appeared so intertwined that the European Union suspected Microsoft was quietly controlling OpenAI and began investigating whether the companies still operate independently. Ultimately, the EU dismissed the probe, deciding that Microsoft’s $13 billion in investments did not amount to an acquisition, Reuters reported.

Officially, Microsoft has said that its OpenAI partnership was formed “to accelerate AI breakthroughs to ensure these benefits are broadly shared with the world”—not to keep up with Google.

But at the Google trial, Nadella testified about the email, saying that partnering with companies like OpenAI ensured that Microsoft could continue innovating in search, as well as in other Microsoft services.

On the stand, Nadella also admitted that he had overhyped AI-powered Bing as potentially shaking up the search market, backing up the DOJ by testifying that in Silicon Valley, Internet search is “the biggest no-fly zone.” Even after partnering with OpenAI, Nadella said that for Microsoft to compete with Google in search, there are “limits to how much artificial intelligence can reshape the market as it exists today.”

During the Google trial, the DOJ argued that Google’s alleged search market dominance had hindered OpenAI’s efforts to innovate, too. “OpenAI’s ChatGPT and other innovations may have been released years ago if Google hadn’t monopolized the search market,” the DOJ argued, according to a Bloomberg report.

Closing arguments in the Google trial start tomorrow, with two days of final remarks scheduled, during which Mehta will have ample opportunity to ask lawyers on both sides the rest of his biggest remaining questions.

It’s somewhat obvious what Google will argue. Google has spent years defending its search business as competing on the merits—essentially arguing that Google dominates search simply because it’s the best search engine.

Yesterday, the US district court also unsealed Google’s proposed legal conclusions, which suggest that Mehta should reject all of the DOJ’s monopoly claims, partly due to the government’s allegedly “fatally flawed” market definitions. Throughout the trial, Google has maintained that the US government has failed to show that Google has a monopoly in any market.

According to Google, even its allegedly anticompetitive default browser agreement with Apple—which Mehta deemed the “heart” of the DOJ’s monopoly case—is not proof of monopoly powers. Rather, Google insisted, default browser agreements benefit competition by providing another avenue through which its rivals can compete.

The DOJ hopes to prove Google wrong, arguing that Google has gone to great lengths to block rivals from default placements and hide evidence of its alleged monopoly—including training employees to avoid using words that monopolists use.

Mehta has not yet disclosed when to expect his ruling, but it could come late this summer or early fall, AP News reported.

If Google loses, the search giant may be forced to change its business practices or potentially even break up its business. Nobody knows what that would entail, but when the trial started, a coalition of 20 civil society and advocacy groups recommended some potentially drastic remedies, including the “separation of various Google products from parent company Alphabet, including breakouts of Google Chrome, Android, Waze, or Google’s artificial intelligence lab Deepmind.”

Email Microsoft didn’t want seen reveals rushed decision to invest in OpenAI Read More »