President Joe Biden on Monday signed an executive order barring many uses by the federal government of commercial spyware, which has been increasingly used by other countries in recent years to surveil dissidents, journalists, and politicians.

The signing of the executive order came as administration officials told journalists that roughly 50 US government personnel in at least 10 countries had been infected or targeted by such spyware, a larger number than previously known. The officials didn’t elaborate.

Commercial spyware is sold by a host of companies, with the best known being NSO Group of Israel. The company sells a hacking tool known as Pegasus that can surreptitiously compromise both iPhones and Android devices using “clickless” exploits, meaning they require no user interaction. By sending a text or ringing the device, Pegasus can install spying software that steals contacts, messages, geo locations, and more, even when the text or call isn’t answered. Other companies selling commercial spyware include Cytrox, Candiru, and Paragon.
While NSO describes Pegasus as a “lawful intercept” tool that’s sold only to legitimate law-enforcement agencies to investigate crime and terrorism. Mexico, India, Saudi Arabia, the United Arab Emerates, Morocco, and other countries have been caught deploying it against political dissidents, journalists, and other citizens that aren’t accused of any crimes. In November 2021, the Biden administration restricted the export, re-export, and in-country transfer of products from NSO and three other companies in Israel, Russia, and Singapore.

Monday’s executive order goes further by barring federal agencies, including those engaged in law enforcement, defense, or intelligence activities, from “operationally using” commercial spyware.

“The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of US Government personnel and their families,” a fact sheet published by the White House said. “US Government personnel overseas have been targeted by commercial spyware, and untrustworthy commercial vendors and tools can present significant risks to the security and integrity of US Government information and information systems.”

White House officials aren’t naming the specific spyware that’s barred, but using the term commercial spyware strongly implies it includes tools sold by NSO, Cytrox, Candiru, and others. Criteria for tools falling under the order include if:

• they’re abused by a foreign government in an attempt to access the device of a US citizen
• a foreign actor deploys them against activists or dissidents in an attempt to intimidate or curb dissent or opposition or squelch expressions of free speech
• they’re supplied to governments for which there are credible reports that they engage in systematic acts of political repression.

The officials declined to say if US law enforcement and intelligence agencies currently use commercial spyware. Last year, the FBI confirmed a New York Times report that the bureau had bought NSO Group’s Pegasus tool for product testing and evaluation but said they weren’t used for operational purposes or to support any investigation. The US Drug Enforcement Agency, the NYT has also reported, deployed a surveillance tool called Graphite for use in counternarcotics operations.

Over the weekend, an AI-generated image of Pope Francis wearing a puffy white coat went viral on Twitter, and apparently many people believed it was a real image. Since then, the puffy pontiff has inspired commentary on the deceptive nature of AI-generated images, which are now nearly photorealistic.

The pope image, created using Midjourney v5 (an AI image synthesis model), first appeared in a tweet by a user named Leon (@skyferrori) on Saturday and quickly began circulating as part of other meme tweets featuring similar images as well, including one that humorously speculates about a pope “lifestyle brand.”

Not long after, Twitter attached a reader-added context warning to the tweet that reads, “This is an AI-generated image of Pope Francis. It is not a genuine photo.“

As noted in our piece on last week’s AI-generated Donald Trump arrest photos, Twitter guidelines state that users “may not deceptively share synthetic or manipulated media that are likely to cause harm.” Although in this case, the line between harm and parody might be a fuzzy one.

How do we know the image is fake? Aside from a Reddit post containing alternative images of the Pope from the person that likely made it, The Verge breaks down the evidence fairly well in a piece analyzing the impact of the false image. For example, if you zoom in on details, you’ll see telltale signs of image synthesis in warped details like the pope’s crucifix necklace, the crooked shadow of his glasses, and whatever he is carrying in his hand (a cup?).

But still, upon a quick glance, the false photo (“fauxto”?) looks fairly realistic. And as The Verge notes, a stylish image of Pope Francis plays into our beliefs about the papacy, which often involves wild non-fake imagery—although Pope Francis is known for his “humble” outfits.

A Midjourney journey

The image service used to create the fake photo, Midjourney, debuted last year. Along with DALL-E and Stable Diffusion, it’s one of three major image synthesis models that have become popular online. All three allow users to generate novel images using only text descriptions called “prompts.”

In this case, the prompt used to create the puffy pope photo might have been as simple as “Pope Francis in a puffy white coat” because Midjourney has made huge leaps in photorealism recently, rendering complex scenes full of details from relatively simple prompts.

What this almost effortless capability to fake photos means for the future of media is still uncertain, but as we’ve speculated before, due to image synthesis, we may never be able to believe what we see online again.

On Sunday, Singapore-based retrocomputing enthusiast Yeo Kheng Meng released a ChatGPT client for MS-DOS that can run on a 4.77 MHz IBM PC from 1981, providing a unique way to converse with the popular OpenAI language model.

Vintage computer development projects come naturally to Yeo, who created a Slack client for Windows 3.1 back in 2019. “I thought to try something different this time and develop for an even older platform as a challenge,” he writes on his blog. In this case, he turned his attention to MS-DOS, a text-only operating system first released in 1981, and ChatGPT, an AI-powered large language model (LLM) released by OpenAI in November.

As a conversational AI model, ChatGPT draws on knowledge scraped from the Internet to answer questions and generate text. Thanks to an API that launched his month, anyone with the programming chops can interface ChatGPT with their own custom application.

Thanks to his new app, which can run on MS-DOS, Yeo can use a vintage IBM PC-compatible computer to chat with ChatGPT over the Internet. It’s a similar back-and-forth conversation as the traditional ChatGPT web interface, albeit as a text-only, full-screen application running on the antique machine.

Development challenges

MS-DOS posed a particularly challenging platform for a ChatGPT client, lacking native networking abilities. In addition, Yeo targeted a computer with very limited processing power: a 1984 IBM 5155 Portable PC, which includes an Intel 8088 4.77 MHz CPU, 640KB conventional memory, CGA ISA graphics, and MS-DOS 6.22.

To create the client, Yeo used Open Watcom C/C++, a modern compiler running on Windows 11 that can target 16-bit DOS platforms. For testing purposes, he used a VirtualBox virtual machine running DOS 6.22 to streamline the development process, then he transferred the compiled binary to the target IBM DOS PC for testing.

To handle networking on the IBM PC, Yeo needed to weave his way through several layers. First, Yeo utilized a “Packet Driver API” standard invented in 1983. He integrated the open source MTCP library by Michael B. Brutman into the application to communicate with the Packet Driver, enabling networking capabilities for the client.

For the ChatGPT API, Yeo used OpenAI’s Chat Completion API, constructing the POST request (and parsing the JSON-formatted response) manually in C.

However, Yeo hit a major snag: the ChatGPT APIs require encrypted HTTPS connections. Since there are no native HTTPS libraries for MS-DOS, Yeo had to create an HTTP-to-HTTPS proxy that can run on a modern computer and translate the requests and responses between the MS-DOS client and ChatGPT’s secure API, acting as a transparent middleman in the communication process.

Yeo says that reading and writing input to the console presented another challenge due to the single-threaded nature of DOS applications. He devised a method to check and receive keypresses without pausing the program using the MTCP page and online samples as a reference.

In the end, the client works better than Yeo expected, and he looks forward to more retro challenges in the future: “After experiencing this, I will definitely be writing more retro-software in future,” he writes in a blog post that describes his development process in more detail.

Yeo has released his code (called “doschgpt”) on GitHub if others want to run it themselves—or perhaps improve or extend the code in the future. With a little creativity, the latest tech in AI language models need not be limited to cutting-edge machines.