Meta to shutter its Novi digital wallet, drawing a line under Libra
Meta is set to shut down its Novi digital wallet on September 01, the company has announced, effectively drawing a line under the Libra project.
Novi, which underwent a small pilot in the US and Guatemala towards the end of last year, used Paxos Trust Co’s USDP stablecoin to enable users to make transfers to each other via a mobile payment app.
The project has received a huge degree of regulatory attention since its inception. In November 2020, for example, leaders of the G7 group of nations objected to the launch of Facebook’s Libra Stablecoin, Novi’s predecessor, until they could decide if it was properly regulated.
Meta has told Novi users to withdraw their balances as soon as possible, as they will be unable to do so after September 01. And users will be unable to transfer money into their accounts after July 21.
Novi users in the US and Guatemala can head here to find out information on how to withdraw their balance via any of the major platforms. And privacy-conscious users can also request a copy of their data stored on Novi, which will no longer be possible after the pilot ends.
The project was initially intended to function via Meta’s own purpose-built stablecoin Diem, however the switch to Paxos was made after opposition from the US congress.
Source: Meta to shutter its Novi digital wallet, drawing a line under Libra
GitHub Copilot works so well because it steals open-source code and strips credit
The Software Freedom Conservancy (SFC), a non-profit community of open-source advocates, today announced its withdrawal from GitHub in a scathing blog post urging members and supporters to rebuke the platform once-and-for-all.
Up front: The SFC’s problem with GitHub stems from accusations that Microsoft and OpenAI trained an AI system called Copilot on data that was published under an open-source license.
Open-source code isn’t like a donations box where you can just take whatever you want and use it in any way you choose.
Background: GitHub is the defacto repository for open-source code in the world. It’s like a combination of YouTube, Twitter, and Reddit, but for programmers and the codes they produce.
Sure, there’s other options. But switching from one code-repository ecosystem to another isn’t the same as trading Instagram for TikTok.
Microsoft acquired GitHub in 2018 for more than seven billion dollars.
In the time since, Microsoft’s leveraged its position as OpenAI’s primary benefactor in a joint endeavor to build Copilot.
And the only way to get access to Copilot is through a special invitation from Microsoft or paid subscription.
A solution: Kill Copilot. Alternately, Microsoft and OpenAI could build a time machine, go back in time, and label every single datapoint in Copilot’s database so that a second model could be built that would apply proper credit to every output.
But it’s always easier to exploit the Wild West do-whatever-you-want regulatory environment and take advantage of people than it is to care about the ethics of the products and services you offer.
Neural’s take: When it comes to solid examples of AI that makes human lives easier, GitHub’s Copilot tops the list. It takes some of the tedious things that can take developers hours of work and makes them as easy as pushing a button or typing a few lines of text.
And there’s a bit of precedent here. GPT-3 and Dall-E use databases of human-generated media to generate novel outputs.
But there’s a key difference between those generators and Copilot. Drawing a duck in the style of Monet or asking GPT-3 to tell you a story about a happy dog are one thing.
Regurgitating code snippets line-by-line from files in a database isn’t coding in the style of someone else, it’s using someone else’s code.
Source: GitHub Copilot works so well because it steals open-source code and strips credit
What’s new in Microsoft Teams: Chat Bubbles on iOS and Android, ‘co-organizer’ role and more
Microsoft in June 2022 rolled out a host of new features as it continues rapidly developing Teams, its collaboration platform for hybrid work with 270 million monthly active users.
Multitasking in Teams meetings on the iPad has improved. There’s now a collapsible right panel during meetings that allows the participant, for example, to chat with colleagues while watching and listening to a presentation.
Chat bubbles in meetings are now available on iOS and Android. When chat bubbles are enabled, users can see chat messages on the screen to preview the two most recent messages. This avoids the need to manually open the chat window within a meeting to see what participants are typing. Users can temporarily or permanently turn of chat bubbles.
Organizations with multi-language teams can now customize emailed meeting ‘join’ invites to include the languages that users are most comfortable with. Admins can apply a policy by enabling the MeetingInviteLanguages parameter in the CsTeamsMeetingPolicy in the admin portal. It can be set at at the user or group level, or for the entire organization.
There’s a new “co-organizer” role, below the official organizer, which can be assigned to up to 10 meeting attendees. Co-organizers can manage Meeting Options, but they can’t currently create and manage breakout rooms, manage meeting records, and view or download attendance reports. Co-organizers need to be from the same tenant as the organizer.
Source: What’s new in Microsoft Teams: Chat Bubbles on iOS and Android, ‘co-organizer’ role and more
Django fixes SQL Injection vulnerability in new releases
The Django project, an open source Python-based web framework has patched a high severity vulnerability in its latest releases.
Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django’s main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued today squash the vulnerability.
Tens of thousands of websites, including some popular brands in the U.S. alone choose Django as their Model-Template-View framework, according to some estimates. This is why the need to upgrade or patch your Django instances against bugs like these is crucial.
New releases mitigate potential SQL Injection
Today, the Django team has released versions Django 4.0.6 and Django 3.2.14 that address a high-severity SQL injection vulnerability and is urging developers to upgrade or patch their Django instances as soon as possible.
Assigned CVE-2022-34265, the vulnerability can allow a threat actor to attack Django web applications via arguments provided to the Trunc(kind) and Extract(lookup_name) functions.
“Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value,” states the advisory.
“Applications that constrain the lookup name and kind choice to a known safe list are unaffected.”
Patches also available
For those unable to upgrade to fixed Django versions 4.0.6 or 3.2.14, the team has made patches available that can be applied to existing affected versions.
Source: Django fixes SQL Injection vulnerability in new releases