Enlarge (credit: Getty Images / Benj Edwards )

On Thursday, Microsoft announced that it will provide legal protection for customers who are sued for copyright infringement over content generated by the company's AI systems. This new policy, called the Copilot Copyright Commitment, is an expansion of Microsoft's existing intellectual property indemnification coverage, Reuters reports .

Microsoft's announcement comes as generative AI tools like ChatGPT have raised concerns about reproducing copyrighted material without proper attribution. Microsoft has heavily invested in AI through products like GitHub Copilot and Bing Chat that can generate original code, text, and images on demand. Its AI models have gained these capabilities by scraping publicly available data off of the Internet without seeking express permission from copyright holders.

By offering legal protection, Microsoft aims to give customers confidence in deploying its AI systems without worrying about potential copyright issues. The policy covers damages and legal fees, providing customers with an added layer of protection as generative AI sees rapid adoption across the tech industry.

• 

  GitHub's new code search. [credit: GitHub ]

GitHub has announced the general availability of a ground-up rework of code search that has been in development for years.

The changes include substantial new functionality that is significantly more aware of context. The company says its new code search is "about twice as fast" as the old code search and that it "understands code, putting the most relevant results first."

That's on top of redesigned search and code view interfaces. The new search interface offers suggestions and completions, and categorizes and formats the results more intelligently.

Enlarge / Twitter headquarters in San Francisco on February 8, 2023. (credit: Getty Images | Anadolu Agency )

Twitter has obtained a subpoena compelling GitHub to provide identifying information on a user who posted portions of Twitter's source code.

Twitter on Friday asked the US District Court for the Northern District of California to issue a subpoena to GitHub . A court clerk signed off on the subpoena yesterday.

GitHub user "FreeSpeechEnthusiast" posted Twitter source code in early January, shortly after Elon Musk bought Twitter and laid off thousands of workers. Twitter reportedly suspects the code leaker is one of its many ex-employees.

Enlarge / A GitHub-made image accompanying all the company's communications about 2FA. (credit: GitHub )

Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13 . That mandate will extend to all user accounts by the end of 2023.

GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.

When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FA—far lower than you'd expect from technologists who ought to know the value of it.

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

Researchers have discovered yet another set of malicious packages in PyPi , the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday , wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPi has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPi through the pip command is a foundational step for starting or setting up many Python projects. PePy , a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017 ; June , July , and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020 , NPM in December 2021 , and many more open source repositories.

Read 4 remaining paragraphs | Comments

Enlarge / Trump-incited mob tries to breach the US Capitol building in Washington, DC on Wednesday, Jan. 6, 2021. (credit: Getty Images | Bloomberg)

GitHub Inc. yesterday apologized for firing a Jewish employee who had urged colleagues to "stay safe" and avoid "Nazis" on the day a mob incited by President Trump stormed the US Capitol. GitHub said it "reversed the decision" and indicated it is trying to hire the employee back.

"Stay safe homies, Nazis are about," the employee, whose identity hasn't been revealed publicly, wrote in an internal Slack chat room on January 6. He was fired two days later, after one "coworker was quick to criticize the employee for using divisive rhetoric," Business Insider reported last week .

"I did not know that, as a Jew, it would be so polarizing to say this word," the former employee wrote in a Slack group for Jewish employees shortly "before his corporate accounts got deactivated," Business Insider wrote. The former employee "is Jewish and had family who died in the Holocaust," the article said.

Read 9 remaining paragraphs | Comments

A Growl notification. (credit: Aurich Lawson )

Growl , a key part of the Mac desktop experience for 17 years, is being retired. Christopher Forsythe, who acted as the lead developer for the project for years, announced the retirement in a blog post on Friday.

Launched in 2004, Growl provided notifications for applications on Macs (it was also offered for Windows) before Apple introduced its own Notification Center. Notification Center was added to macOS (then styled Mac OS X) in the Mountain Lion update in 2012, but it first debuted on iOS a year earlier.

Here's a snippet of Forsythe's announcement:

Read 3 remaining paragraphs | Comments