Cloud

Cringely: Amazon Is Starting To Act Like 'Bad Microsoft' (cringely.com) 30

An anonymous reader quotes Cringely.com: My last column was about the recent tipping point signifying that cloud computing is guaranteed to replace personal computing over the next three years. This column is about the slugfest to determine what company's public cloud is most likely to prevail. I reckon it is Amazon's and I'll go further to claim that Amazon will shortly be the new Microsoft. What I mean by The New Microsoft is that Amazon is starting to act a lot like the old Microsoft of the 1990s. You remember -- the Bad Microsoft...

Tech companies behave this way because most employees are young and haven't worked anywhere else and because the behavior reflects the character of the founder. If the boss tells you to beat up customers and partners and it's your first job out of college, then you beat up customers and partners because that's the only world you know. At Microsoft this approach was driven by Bill Gates's belief that dominance could be lost in a single product cycle leaving no room for playing nice. At Amazon, Jeff Bezos is a believer in moving fast, making quick decisions and never looking back. The market has long rewarded this audacity so Amazon will continue to play hard until -- like Microsoft in the 90s -- they are punished for it.

Cringely points out most startups are already using AWS -- and so are all 17 US intelligence agencies ("taking 350,000 PCs out of places like the CIA.")

Bonus link: 17 years ago Cringely answered questions from Slashdot readers.
Transportation

DJI Threatens Researcher Who Reported Exposed Cert Key, Credentials, and Customer Data (arstechnica.com) 70

An anonymous reader quotes Ars Technica: DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback -- including a threat of charges under the Computer Fraud and Abuse Act. DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."

The company says they're now investigating "unauthorized access of one of DJI's servers containing personal information," adding that "the hacker in question" refused to agree to their terms and shared "confidential communications with DJI employees."
Chrome

Is Firefox 57 Faster Than Chrome? (mashable.com) 216

An anonymous reader quotes TechNewsWorld: Firefox is not only fast on startup -- it remains zippy even when taxed by multitudes of tabs. "We have a better balance of memory to performance than all the other browsers," said Firefox Vice President for Product Nick Nguyen. "We use 30 percent less memory, and the reason for that is we can allocate the number of processes Firefox uses on your computer based on the hardware that you have," he told TechNewsWorld. The performance improvements in Quantum could be a drink from the fountain of youth for many Firefox users' systems. "A significant number of our users are on machines that are two cores or less, and less than 4 gigabytes of RAM," Nguyen explained.
Mashable ran JetStream 1.1 tests on the ability to run advanced web applications, and concluded that "Firefox comes out on top, but not by much. This means it's, according to JetStream, slightly better suited for 'advanced workloads and programming techniques.'" Firefox also performed better on "real-world speed tests" on Amazon.com and the New York Times' site, while Chrome performed better on National Geographic, CNN, and Mashable. Unfortunately for Mozilla, Chrome looks like it's keeping the top spot, at least for now. The only test that favors Quantum is JetStream, and that's by a hair. And in Ares-6 [which measures how quickly a browser can run new Javascript functions, including mathematical functions], Quantum gets eviscerated... Speedometer simulates user actions on web applications (specifically, adding items to a to-do list) and measures the time they take... When it comes to user interactions in web applications, Chrome takes the day...

In reality, however, Quantum is no slug. It's a capable, fast, and gorgeous browser with innovative bookmark functionality and a library full of creative add-ons. As Mozilla's developers fine-tune Quantum in the coming months, it's possible it could catch up to Chrome. In the meantime, the differences in page-load time are slight at best; you probably won't notice the difference.

The Military

Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk) 82

An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Music

Apple's HomePod Gets Delayed Until 2018 (theverge.com) 43

Apple has reportedly delayed the release of its HomePod smart speaker until 2018. In a statement to The Verge, Apple says that it needs more time to work on the device. "We can't wait for people to experience HomePod, Apple's breakthrough wireless speaker for the home, but we need a little more time before it's ready for our customers," an Apple spokesperson said. "We'll start shipping in the U.S., UK and Australia in early 2018." From the report: The speaker was originally set to be released in December. Priced at $349, the HomePod is slated to take on higher-end sound systems like Sonos, as well as smart assistants like the Amazon Echo and Google Home. The cylindrical speaker features a seven-speaker array of tweeters, a four-inch subwoofer, and a six-microphone array, which puts it right on par spec-wise with the best speakers in its price range, but where it may fall short is Siri, which isn't really in the same class as Alexa or Google Assistant. That challenge is likely why Apple's focus at the launch of the HomePod back at WWDC in June was music first and smart features second.
Security

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com) 40

In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: an information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fix the BlueBorne attacks.
Security

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (wired.com) 106

Security researchers claim to have discovered a flaw in Amazon's Key Service, which if exploited, could let a driver re-enter your house after dropping off a delivery. From a report: When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery. Security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum. And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.
Businesses

The Brutal Fight To Mine Your Data and Sell It To Your Boss (bloomberg.com) 75

An anonymous reader shares a report from Bloomberg, explaining how Silicon Valley makes billions of dollars peddling personal information, supported by an ecosystem of bit players. Editor Drake Bennett highlights the battle between an upstart called HiQ and LinkedIn, who are fighting for your lucrative professional identity. Here's an excerpt from the report: A small number of the world's most valuable companies collect, control, parse, and sell billions of dollars' worth of personal information voluntarily surrendered by their users. Google, Facebook, Amazon, and Microsoft -- which bought LinkedIn for $26.2 billion in 2016 -- have in turn spawned dependent economies consisting of advertising and marketing companies, designers, consultants, and app developers. Some operate on the tech giants' platforms; some customize special digital tools; some help people attract more friends and likes and followers. Some, including HiQ, feed off the torrents of information that social networks produce, using software bots to scrape data from profiles. The services of the smaller companies can augment the offerings of the bigger ones, but the power dynamic is deeply asymmetrical, reminiscent of pilot fish picking food from between the teeth of sharks. The terms of that relationship are set by technology, economics, and the vagaries of consumer choice, but also by the law. LinkedIn's May 23 letter to HiQ wasn't the first time the company had taken legal action to prevent the perceived hijacking of its data, and Facebook and Craigslist, among others, have brought similar actions. But even more than its predecessors, this case, because of who's involved and how it's unfolded, has spoken to the thorniest issues surrounding speech and competition on the internet.
Businesses

Walmart Is Raising Prices Online To Increase In-Store Traffic (theverge.com) 133

An anonymous reader quotes a report from The Verge: Walmart is taking a bit of a nontraditional approach to boost sales ahead of Black Friday and Cyber Monday shopping events by raising prices for products sold online and discounting those same items in physical retail stores. According to The Wall Street Journal, the big-box store has quietly raised prices for household and food items such as toothbrushes, macaroni and cheese, and dog food on its website while the prices in stores remained the same. If there are price discrepancies between online and in-store purchases, Walmart will now highlight this on the product's web listing to encourage customers to buy them from their local stores. It's all part of an effort to increase foot traffic as Walmart continues to compete with Amazon just about everywhere else.

With the new pricing strategy, a twin-pack of Betty Crocker Hamburger Helper costs $3.30 on Walmart.com, but goes as low as $2.50 if purchased at a store in Illinois. The aim is to also help reduce processing costs and increase online sales margins, since driving customers to stores means less shipping costs for the retailer. Shipping one box of instant macaroni and cheese from Chicago to Atlanta could cost Walmart as much as $10, reports the WSJ.

Security

Amazon Is Cutting Prices at Whole Foods Again (cnn.com) 122

An anonymous reader shares a report: Amazon is giving Whole Foods shoppers an early gift for the holidays. The grocer announced Wednesday it's slashing prices again, this time on several "holiday staples," including sweet potatoes, canned pumpkin and turkey. If you're an Amazon Prime member, you'll pay even less for turkey: Whole Foods slashed turkey prices to $1.99 per pound (compared to $2.49 for non-Prime members), or $2.99 per pound for an organic turkey ($3.49 for non-Prime members).
Android

UC Browser Mobile App Disappears From Google Play Store (medianama.com) 34

UC Browser, a popular mobile web browser owned by China's Alibaba Group, has mysteriously disappeared from the Google Play Store. The app was pulled from the Google Play Store on November 12, according to data from app analytics firm App Annie. Several users began inquiring about the app's whereabouts earlier this week on Reddit. It was not immediately clear why UC Browser had been pulled from Android's marquee app store. According to Twitter user Mike Ross, who claims to be a developer at Alibaba Group, Google pulled UC Browser from its store due to "misleading" and "unhealthy" promotional tactics used by the company to increase the install count of its app. UC Browser is still available to download on Apple's App Store, Amazon's Android store, and through the company's official website. UC Browser Mini, a light version of the company's browser, is notably still listed on Google Play. Though UC Browser is not a household name in the Western markets, Alibaba's app is incredibly popular in markets such as India. It has been among the top six most downloaded apps from Google Play in India for the last two years, venture capitalist Mary Meeker noted in her yearly internet report in May this year. As of July, UC Browser had been installed more than 100 million times worldwide from Google Play Store.
The Internet

Ads May Soon Stalk You on TV Like They Do on Your Facebook Feed (bloomberg.com) 203

Targeted ads that seem to follow us everywhere online may soon be doing the same on our TV. From a report: The Federal Communications Commission is poised to approve a new broadcast standard that will let broadcasters do something cable TV companies already do: harvest data about what you watch so advertisers can customize pitches. The prospect alarms privacy advocates, who say there are no rules setting boundaries for how broadcasters handle personal information. The FCC doesn't mention privacy in the 109-page proposed rule that is scheduled for a vote by commissioners Thursday. "If the new standard allows broadcasters to collect data in a way they haven't before, I think consumers should know about that," Jonathan Schwantes, senior policy counsel for Consumers Union, said in an interview. "What privacy protections will apply to that data, and what security protections?" For broadcasters, Next Gen TV represents an advance into the digital world that for decades has been siphoning viewers away to the likes of Facebook, Netflix, Google's YouTube and Amazon's Prime video service.
Television

Amazon Is Making a 'Lord of the Rings' Prequel Series (techcrunch.com) 109

Amazon is making a Lord of the Rings prequel TV series for its Amazon Instant streaming service. The show, which already carries a multi-season commitment, will "explore new storylines preceding J.R.R. Tolkien's The Fellowship of the Ring." TechCrunch reports: It's possible the new series will mine the ponderous but rich Silmarillion for material, as fan fiction writers and lore aficionados have done for decades. The exploits of the Elf-Lords of old would make for a stirring epic, while many would thrill at the possibility of seeing Moria at the height of its grandeur. So much depends on the quality of the adaptation, though. Amazon has been pretty good about its Originals, but this will be an undertaking far beyond the scope of anything its studios and partners have yet attempted. Amazon is partnering with New Line Cinema, which of course was the film company behind the much-loved trilogy that began in 2001, and the Tolkien Estate, as well as HarperCollins for some reason. The deal also "includes a potential additional spin-off series," presumably if it's popular enough.
Businesses

Amazon Developing a Free, Ad-Supported Version of Prime Video: Report (adage.com) 74

Amazon is developing a free, ad-supported complement to its Prime streaming video service, AdAge reported on Monday, citing people familiar with Amazon's plans. From the report: The company is talking with TV networks, movie studios and other media companies about providing programming to the service, they say. Amazon Prime subscribers pay $99 per year for free shipping but also access to a mix of ad-free TV shows, movies and original series such as "Transparent" and "The Man in the High Castle." It has dabbled in commercials on Prime to a very limited degree, putting ads inside National Football League games this season and offering smaller opportunities for brand integrations. A version paid for by advertisers instead of subscribers could provide a new foothold in streaming video for marketers, whose opportunities to run commercials are eroding as audiences drift away from traditional TV and toward ad-free services like Netflix and Prime.
Facebook

This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com) 45

tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."

Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."

Businesses

Here Comes the World's Biggest Shopping Spree -- Again (bloomberg.com) 38

A reader shares a report: On Nov. 11, China celebrates Singles Day, a holiday dedicated to the nation's unattached. It's also the world's largest shopping festival -- and a bonanza for internet giant Alibaba Group. Up to 500 million consumers will visit sites run by the company searching for discounts on items including Bordeaux wine, UGG boots, SUVs, and high-end Japanese toilets. Citigroup estimates that Alibaba's sales during this year's event could reach 158 billion yuan ($23.8 billion). For Alibaba, Singles Day will also be a demonstration of how far its cloud business has come in eight years. At the peak of activity, Alibaba's servers may be tasked with processing 175,000 transactions a second from its own sites. "It's the day when the largest amount of computing power is needed in China," says He Yunfei, a senior product manager for Alibaba Cloud. [...] Alibaba dominates the Chinese cloud -- in part because local regulators won't issue data center operating licenses to foreign companies, curtailing the China ambitions of Amazon.com and Microsoft, the No. 1 and No. 2 cloud providers globally.
Businesses

Monopoly Critics Decry 'Amazon Amendment' (thehill.com) 52

schwit1 shares a report from The Hill: The amendment, Section 801 of the National Defense Authorization Act (NDAA), would help Amazon establish a tight grip on the lucrative, $53 billion government acquisitions market, experts say. The provision, dubbed the "Amazon amendment" by experts, according to an article in The Intercept, would allow for the creation of an online portal that government employees could use to purchase everyday items such as office supplies or furniture. This government-only version of Amazon, which could potentially include a few other websites, would give participating companies direct access to the $53 billion market for government acquisitions of commercial products. "It hands an enormous amount of power over to Amazon," said Stacy Mitchell of the Institute for Local Self-Reliance, a research group that advocates for local businesses. Mitchell said that the provision could allow Amazon to gain a monopoly or duopoly on the profitable world of commercial government purchases, leaving smaller businesses behind and further consolidating the behemoth tech firm's power.

schwit1 adds: "Well, this is a two-edged sword, isn't it? Government spends too much and takes too long to buy its simple office needs, but streamlining that process and cutting costs puts more money in the pocket of Jeff Bezos."

United States

America's 'Retail Apocalypse' Is Really Just Beginning (bloomberg.com) 398

An anonymous reader quotes a report from Bloomberg: The so-called retail apocalypse has become so ingrained in the U.S. that it now has the distinction of its own Wikipedia entry. The industry's response to that kind of doomsday description has included blaming the media for hyping the troubles of a few well-known chains as proof of a systemic meltdown. There is some truth to that. In the U.S., retailers announced more than 3,000 store openings in the first three quarters of this year. But chains also said 6,800 would close. And this comes when there's sky-high consumer confidence, unemployment is historically low and the U.S. economy keeps growing. Those are normally all ingredients for a retail boom, yet more chains are filing for bankruptcy and rated distressed than during the financial crisis. That's caused an increase in the number of delinquent loan payments by malls and shopping centers. The reason isn't as simple as Amazon.com Inc. taking market share or twenty-somethings spending more on experiences than things. The root cause is that many of these long-standing chains are overloaded with debt -- often from leveraged buyouts led by private equity firms. There are billions in borrowings on the balance sheets of troubled retailers, and sustaining that load is only going to become harder -- even for healthy chains. The debt coming due, along with America's over-stored suburbs and the continued gains of online shopping, has all the makings of a disaster. The spillover will likely flow far and wide across the U.S. economy. There will be displaced low-income workers, shrinking local tax bases and investor losses on stocks, bonds and real estate. If today is considered a retail apocalypse, then what's coming next could truly be scary.
Businesses

Most Amazon Prime Subscribers Say They Don't Want To Buy the Amazon Key That Lets Delivery People Into Their Homes (recode.net) 357

A reader shares a report: Next week, Amazon will start delivering packages straight into Americans' homes, using a smart lock and camera device called Amazon Key. But will anyone bother paying for what seems like an invasive service? Most wouldn't. About 58 percent of people who have Amazon Prime definitely would not buy Amazon Key, according to a SurveyMonkey poll done on behalf of Recode. That's only slightly less than the 61 percent of all U.S. adults who wouldn't buy the product, suggesting it's broadly unattractive, regardless of whether people are Amazon customers. Among Prime subscribers, only 5 percent said they would definitely buy Amazon Key. Of all U.S. shoppers, even less -- 4 percent -- said they would. Nearly 60 percent of the respondents have Prime subscriptions.
Businesses

Amazon Discounts Other Sellers' Products as Retail Competition Stiffens (reuters.com) 98

Amazon is slashing prices of products from third-party sellers on its website, moving beyond its more typical method of discounts on items it sells directly. From a report: The "discount provided by Amazon" applies to products including board games and technological gadgets offered by other merchants as the holiday season approaches. The retailer has been trying to compete aggressively on some items to win sales and draw customers away from low-priced rivals like Wal-Mart Stores. The move allows Amazon to sell the products at lower prices while still giving full price to the sellers. "When Amazon provides a discount, customers get the products they want at a price they'll love, and small businesses receive increased sales at their listed asking price," an Amazon spokeswoman said in an emailed statement, noting that businesses can opt out at any time.
